Re: session tracking in a context that contains JSP and servlets

[Leon Rosenberg]

On 9/22/05, Mark <[EMAIL PROTECTED]> wrote:
> I would think that this is possible.  I have been writing servlets for
> over a year, but have not written a single line of JSP.

Technically speaking each JSP is actually a servlet... more or less.
Everything that works in the server works in the jsp too.

regards
Leon

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: session tracking in a context that contains JSP and servlets

[Mark]

I would think that this is possible.  I have been writing servlets for
over a year, but have not written a single line of JSP.

On 9/21/05, David Wall <[EMAIL PROTECTED]> wrote:
> Mark wrote:
>
> >I want to create a webapp that will contain both servlets and JSP.  I
> >will be using a login page to authenticate users.  I will probably use
> >one of the Tomcat supported authentication modules.
> >
> >I am wondering if it is possible for tomcat to properly manage session
> >information when going between servlet and JSP pages.
> >
> >
> Of course.  After all, every JSP is compiled into a servlet.  Naturally,
> if the browser supports session cookies, all is very easy, but if they
> block such cookies, then you'll need to use URL rewriting for every
> reference to an URL within your web app so that the session id can be
> transmitted back.  Use response.encodeURL() and
> response.encodeRedirectURL() as necessary.
>
> David
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: session tracking in a context that contains JSP and servlets

[David Wall]

Mark wrote:


I want to create a webapp that will contain both servlets and JSP.  I
will be using a login page to authenticate users.  I will probably use
one of the Tomcat supported authentication modules.

I am wondering if it is possible for tomcat to properly manage session
information when going between servlet and JSP pages.
 

Of course.  After all, every JSP is compiled into a servlet.  Naturally, 
if the browser supports session cookies, all is very easy, but if they 
block such cookies, then you'll need to use URL rewriting for every 
reference to an URL within your web app so that the session id can be 
transmitted back.  Use response.encodeURL() and 
response.encodeRedirectURL() as necessary.


David

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Session Tracking

[Raghaw Goswami]

Thanks for e-mail's.
I am new to these technologies & learning on my own, I
will read on java language and session mgmt.

Thanks again.
R.

--- Brian Cook <[EMAIL PROTECTED]> wrote:

> 
> As well as the rules for session management.
> 
> Wade Chandler wrote:
> > I think you need to read up on the java language a
> > bit.  See what static and final mean.  
> > 
> > Wade
> > 
> > --- Raghaw Goswami <[EMAIL PROTECTED]> wrote:
> > 
> > 
> >>Thanks for the e-mail:
> >>First time it was 0 , then 1 , This is when the
> >>browser was closed and opened then it never
> >>incremented was always 0 when browser was closed
> and
> >>opened. 
> >>
> >>I am attaching the Showsession.java file for
> >>reference. May be i am missing some thing  if the
> >>variable is made static how can its value
> increment
> >>?
> >>
> >>R
> >>
> >>--- Arup Vidyerthy <[EMAIL PROTECTED]>
> wrote:
> >>
> >>
> >>>Does it not increment at all or does the
> increment
> >>>counter gets reset and
> >>>starts all over again from 0. Basically if you
> >>
> >>want
> >>
> >>>to keep the counter
> >>>incrementing everytime you access that page (or
> >>
> >>hit
> >>
> >>>that that servlet) you
> >>>need to make it a static variable in your
> >>>servlet/jsp.
> >>>
> >>>-Original Message-
> >>>From: Raghaw Goswami [mailto:[EMAIL PROTECTED] 
> >>>Sent: 19 August 2005 14:46
> >>>To: tomcat-user@jakarta.apache.org
> >>>Subject: Session Tracking
> >>>
> >>>Hi,
> >>>I have JDK 1.5 [J2SE 5.0 update 3], Tomcat
> >>
> >>5.5.9,Win
> >>
> >>>XP SP2,  Trying a e.g.
> >>>session tracking [The Session Tracking API] using
> >>>HttpSession object.
> >>>
> >>>The program works[ accessCount increments] when I
> >>>don't close the current
> >>>browser and open new brwoser with CTRL + N, But
> if
> >>
> >>i
> >>
> >>>quit the browser and
> >>>then start again accessCount does not increment. 
> >>>
> >>>Would appreciate any help in this regards
> >>>
> >>>Thanks in Advance
> >>>R.
> >>>
> >>>
> >>>   
> >>>   
> >>>__
> >>>Do you Yahoo!? 
> >>>Yahoo! Mail - You care about security. So do we. 
> >>>http://promotions.yahoo.com/new_mail
> >>>
> >>>
> >>
> >
>
-
> > 
> >>>To unsubscribe, e-mail:
> >>>[EMAIL PROTECTED]
> >>>For additional commands, e-mail:
> >>>[EMAIL PROTECTED]
> >>>
> >>>
> >>>   
> >>>   
> >>>   
> >>>
> >>
> >
>
___
> > 
> >>>Yahoo! Messenger - NEW crystal clear PC to PC
> >>>calling worldwide with voicemail
> >>>http://uk.messenger.yahoo.com
> >>>
> >>>
> >>
> >
>
-
> > 
> >>>To unsubscribe, e-mail:
> >>>[EMAIL PROTECTED]
> >>>For additional commands, e-mail:
> >>>[EMAIL PROTECTED]
> >>>
> >>>
> >>
> >>__
> >>Do You Yahoo!?
> >>Tired of spam?  Yahoo! Mail has the best spam
> >>protection around 
> >>http://mail.yahoo.com 
> >>
> >
>
-
> > 
> >>To unsubscribe, e-mail:
> >>[EMAIL PROTECTED]
> >>For additional commands, e-mail:
> > 
> > [EMAIL PROTECTED]
> > 
> > 
> >
>
-
> > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > For additional commands, e-mail:
> [EMAIL PROTECTED]
> > 
> > 
> 
> 
> -- 
> Brian Cook
> Digital Services Analyst
> Print Time Inc.
> [EMAIL PROTECTED]
> 913.345.8900
> 
> >
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
[EMAIL PROTECTED]





Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 
 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Session Tracking

[Brian Cook]

As well as the rules for session management.

Wade Chandler wrote:

I think you need to read up on the java language a
bit.  See what static and final mean.  


Wade

--- Raghaw Goswami <[EMAIL PROTECTED]> wrote:



Thanks for the e-mail:
First time it was 0 , then 1 , This is when the
browser was closed and opened then it never
incremented was always 0 when browser was closed and
opened. 


I am attaching the Showsession.java file for
reference. May be i am missing some thing  if the
variable is made static how can its value increment
?

R

--- Arup Vidyerthy <[EMAIL PROTECTED]> wrote:



Does it not increment at all or does the increment
counter gets reset and
starts all over again from 0. Basically if you


want


to keep the counter
incrementing everytime you access that page (or


hit


that that servlet) you
need to make it a static variable in your
servlet/jsp.

-Original Message-
From: Raghaw Goswami [mailto:[EMAIL PROTECTED] 
Sent: 19 August 2005 14:46

To: tomcat-user@jakarta.apache.org
Subject: Session Tracking

Hi,
I have JDK 1.5 [J2SE 5.0 update 3], Tomcat


5.5.9,Win


XP SP2,  Trying a e.g.
session tracking [The Session Tracking API] using
HttpSession object.

The program works[ accessCount increments] when I
don't close the current
browser and open new brwoser with CTRL + N, But if


i


quit the browser and
then start again accessCount does not increment. 


Would appreciate any help in this regards

Thanks in Advance
R.




__
Do you Yahoo!? 
Yahoo! Mail - You care about security. So do we. 
http://promotions.yahoo.com/new_mail






-


To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]









___


Yahoo! Messenger - NEW crystal clear PC to PC
calling worldwide with voicemail
http://uk.messenger.yahoo.com





-


To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]




__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam
protection around 
http://mail.yahoo.com 


-


To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:


[EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
Brian Cook
Digital Services Analyst
Print Time Inc.
[EMAIL PROTECTED]
913.345.8900

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Session Tracking

[Wade Chandler]

I think you need to read up on the java language a
bit.  See what static and final mean.  

Wade

--- Raghaw Goswami <[EMAIL PROTECTED]> wrote:

> Thanks for the e-mail:
> First time it was 0 , then 1 , This is when the
> browser was closed and opened then it never
> incremented was always 0 when browser was closed and
> opened. 
> 
> I am attaching the Showsession.java file for
> reference. May be i am missing some thing  if the
> variable is made static how can its value increment
> ?
> 
> R
> 
> --- Arup Vidyerthy <[EMAIL PROTECTED]> wrote:
> 
> > Does it not increment at all or does the increment
> > counter gets reset and
> > starts all over again from 0. Basically if you
> want
> > to keep the counter
> > incrementing everytime you access that page (or
> hit
> > that that servlet) you
> > need to make it a static variable in your
> > servlet/jsp.
> > 
> > -Original Message-
> > From: Raghaw Goswami [mailto:[EMAIL PROTECTED] 
> > Sent: 19 August 2005 14:46
> > To: tomcat-user@jakarta.apache.org
> > Subject: Session Tracking
> > 
> > Hi,
> > I have JDK 1.5 [J2SE 5.0 update 3], Tomcat
> 5.5.9,Win
> > XP SP2,  Trying a e.g.
> > session tracking [The Session Tracking API] using
> > HttpSession object.
> > 
> > The program works[ accessCount increments] when I
> > don't close the current
> > browser and open new brwoser with CTRL + N, But if
> i
> > quit the browser and
> > then start again accessCount does not increment. 
> > 
> > Would appreciate any help in this regards
> > 
> > Thanks in Advance
> > R.
> > 
> > 
> > 
> > 
> > __
> > Do you Yahoo!? 
> > Yahoo! Mail - You care about security. So do we. 
> > http://promotions.yahoo.com/new_mail
> > 
> >
>
-
> > To unsubscribe, e-mail:
> > [EMAIL PROTECTED]
> > For additional commands, e-mail:
> > [EMAIL PROTECTED]
> > 
> > 
> > 
> > 
> > 
> >
>
___
> > 
> > Yahoo! Messenger - NEW crystal clear PC to PC
> > calling worldwide with voicemail
> > http://uk.messenger.yahoo.com
> > 
> >
>
-
> > To unsubscribe, e-mail:
> > [EMAIL PROTECTED]
> > For additional commands, e-mail:
> > [EMAIL PROTECTED]
> > 
> > 
> 
> __
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam
> protection around 
> http://mail.yahoo.com 
> >
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
[EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Session Tracking

[Raghaw Goswami]

Thanks for the e-mail:
First time it was 0 , then 1 , This is when the
browser was closed and opened then it never
incremented was always 0 when browser was closed and
opened. 

I am attaching the Showsession.java file for
reference. May be i am missing some thing  if the
variable is made static how can its value increment ?

R

--- Arup Vidyerthy <[EMAIL PROTECTED]> wrote:

> Does it not increment at all or does the increment
> counter gets reset and
> starts all over again from 0. Basically if you want
> to keep the counter
> incrementing everytime you access that page (or hit
> that that servlet) you
> need to make it a static variable in your
> servlet/jsp.
> 
> -Original Message-
> From: Raghaw Goswami [mailto:[EMAIL PROTECTED] 
> Sent: 19 August 2005 14:46
> To: tomcat-user@jakarta.apache.org
> Subject: Session Tracking
> 
> Hi,
> I have JDK 1.5 [J2SE 5.0 update 3], Tomcat 5.5.9,Win
> XP SP2,  Trying a e.g.
> session tracking [The Session Tracking API] using
> HttpSession object.
> 
> The program works[ accessCount increments] when I
> don't close the current
> browser and open new brwoser with CTRL + N, But if i
> quit the browser and
> then start again accessCount does not increment. 
> 
> Would appreciate any help in this regards
> 
> Thanks in Advance
> R.
> 
> 
>   
>   
> __
> Do you Yahoo!? 
> Yahoo! Mail - You care about security. So do we. 
> http://promotions.yahoo.com/new_mail
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 
>   
>   
>   
>
___
> 
> Yahoo! Messenger - NEW crystal clear PC to PC
> calling worldwide with voicemail
> http://uk.messenger.yahoo.com
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Session Tracking

[Brian Cook]

Of corse it doesn't.  If you close the browser you are killing the 
session.  So when the browser reopens it is getting a new session 
object.  This is exactly how it is supposed to work.  You might be be 
able to store the value in a cookie, but if the user blocks them or has 
set their browser to delete cookies at the end of the session as most do 
then that will not work either.


Raghaw Goswami wrote:

Hi,
I have JDK 1.5 [J2SE 5.0 update 3], Tomcat 5.5.9,Win
XP SP2,  Trying a e.g. session tracking [The Session
Tracking API] using HttpSession object.

The program works[ accessCount increments] when I
don't close the current browser and open new brwoser
with CTRL + N, But if i quit the browser and then
start again 
accessCount does not increment. 


Would appreciate any help in this regards

Thanks in Advance
R.




__ 
Do you Yahoo!? 
Yahoo! Mail - You care about security. So do we. 
http://promotions.yahoo.com/new_mail


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
Brian Cook
Digital Services Analyst
Print Time Inc.
[EMAIL PROTECTED]
913.345.8900

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Session Tracking

[Arup Vidyerthy]

Does it not increment at all or does the increment counter gets reset and
starts all over again from 0. Basically if you want to keep the counter
incrementing everytime you access that page (or hit that that servlet) you
need to make it a static variable in your servlet/jsp.

-Original Message-
From: Raghaw Goswami [mailto:[EMAIL PROTECTED] 
Sent: 19 August 2005 14:46
To: tomcat-user@jakarta.apache.org
Subject: Session Tracking

Hi,
I have JDK 1.5 [J2SE 5.0 update 3], Tomcat 5.5.9,Win XP SP2,  Trying a e.g.
session tracking [The Session Tracking API] using HttpSession object.

The program works[ accessCount increments] when I don't close the current
browser and open new brwoser with CTRL + N, But if i quit the browser and
then start again accessCount does not increment. 

Would appreciate any help in this regards

Thanks in Advance
R.




__
Do you Yahoo!? 
Yahoo! Mail - You care about security. So do we. 
http://promotions.yahoo.com/new_mail

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





___ 
Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with voicemail 
http://uk.messenger.yahoo.com

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: session tracking

[Shapira, Yoav]

Hi,
Didn't anyone tell you to RTFM?  That's a bit surprising... Anyways,
RTFM at
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html on
the "cookies" context attribute.  Try setting it to false.

Yoav Shapira http://www.yoavshapira.com


>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>Sent: Saturday, November 06, 2004 2:54 PM
>To: Tomcat Users List
>Subject: session tracking
>
>Hi
>
>I already posted a question about how to disable cookie session
tracking in
>Tomcat 5.0, but received no response. I use an open filesystem, no
.war's.
>My
>scenario is this. My application is loaded into a cross-domain
frameset, so
>a
>user's session was not persitent across page requests. So I am
rewriting
>the
>urls and things are fine for the user, but my session listener tells me
a
>new
>session is still created for every page request. I think disabling
cookie
>may
>stop this.
>
>Thanks for any help.
>
>Steve
>
>--
>
>
>-
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]




This e-mail, including any attachments, is a confidential business 
communication, and may contain information that is confidential, proprietary 
and/or privileged.  This e-mail is intended only for the individual(s) to whom 
it is addressed, and may not be saved, copied, printed, disclosed or used by 
anyone else.  If you are not the(an) intended recipient, please immediately 
delete this e-mail from your computer system and notify the sender.  Thank you.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: session tracking enforcement

[David Wall]

> In my case it looks like I do have encode all URLs: firewall problem
> with stripping out sessionId left me with no choice ;) Is it right
> way of doing it?

ACK!  There's a firewall that's stripping out session ids from URLs but will
let cookies through?  There's a security no-brainer in charge...   Or
maybe it's just an Microsoft bigot in control, though "security no-brainer"
may still apply...  (Sorry -- sort of -- for my poor taste in jokes.)

I can't answer about "right way" since firewalls that block standard web
access will tend to cause standard web applications to no longer work.
That's like blocking port 80 and 443 and then saying that is it "right" to
make your web site work on port 8080.  It's the firewall that's messed up,
not your application.  Unfortunately, you may have to work with it
regardless of the poor decision of the firewall owner.

Certainly, if you want, you can use the redirect scheme to detect if the
cookie is there.  In fact, you can even just check if the session can be
maintained through the redirects since Tomcat will fall back to cookies if
it can for its session id.  And in the end, if your session works either
way, then you don't have to force people to use session cookies.  But people
who want to use ANY authenticated web application will have to allow session
cookeis or URL session ids because it's the way web applications handle
state management.  Good luck!

David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: session tracking enforcement

[Mark]

In my case it looks like I do have encode all URLs: firewall problem
with stripping out sessionId left me with no choice ;) Is it right
way of doing it?

Thanks a lot.
Mark.
--- David Wall <[EMAIL PROTECTED]> wrote:

> > But that's details, the main point I made still holds, and that's
> that
> > the Servlet Spec mandates Tomcat's behavior in this area.
> 
> Absolutely, Yoav!  I certainly didn't mean to imply anything
> negative about
> your response, only that the original inquiry could be
> handled/checked by
> his application fairly easily, even if the servlet spec doesn't
> allow it to
> be enforced through configuration.  Besides, when using servlets,
> it's
> really not much work to encode urls for those users who don't
> support
> cookies, and then you can handle a wider range of clients as you
> accurately
> pointed out.
> 
> David
> 
> 
>
-
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 




___
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: session tracking enforcement

[David Wall]

> But that's details, the main point I made still holds, and that's that
> the Servlet Spec mandates Tomcat's behavior in this area.

Absolutely, Yoav!  I certainly didn't mean to imply anything negative about
your response, only that the original inquiry could be handled/checked by
his application fairly easily, even if the servlet spec doesn't allow it to
be enforced through configuration.  Besides, when using servlets, it's
really not much work to encode urls for those users who don't support
cookies, and then you can handle a wider range of clients as you accurately
pointed out.

David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: session tracking enforcement

[Mark]

Is it true, that new sessionId will be resend if a new session get
created?
--- "Shapira, Yoav" <[EMAIL PROTECTED]> wrote:

> 
> Hi,
> 
> >Session cookies (those that don't persist) are becoming quite
> common
> >actually because even small devices are able to keep that bit of
> session
> >state quite easily.
> 
> Ahh yes, small devices.  Good point.  I based my earlier assertion
> on
> research I read recently showing a (and this is a good thing) jump
> in
> use of cookie blockers, popup blockers, spyware blockers, etc.  But
> I
> bet the authors didn't consider small portable devices like cell
> phones
> etc.
> 
> But that's details, the main point I made still holds, and that's
> that
> the Servlet Spec mandates Tomcat's behavior in this area.
> 
> Yoav
> 
> 
> 
> 
> This e-mail, including any attachments, is a confidential business
> communication, and may contain information that is confidential,
> proprietary and/or privileged.  This e-mail is intended only for
> the individual(s) to whom it is addressed, and may not be saved,
> copied, printed, disclosed or used by anyone else.  If you are not
> the(an) intended recipient, please immediately delete this e-mail
> from your computer system and notify the sender.  Thank you.
> 
> 
>
-
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 




___
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: session tracking enforcement

[Shapira, Yoav]

Hi,

>Session cookies (those that don't persist) are becoming quite common
>actually because even small devices are able to keep that bit of
session
>state quite easily.

Ahh yes, small devices.  Good point.  I based my earlier assertion on
research I read recently showing a (and this is a good thing) jump in
use of cookie blockers, popup blockers, spyware blockers, etc.  But I
bet the authors didn't consider small portable devices like cell phones
etc.

But that's details, the main point I made still holds, and that's that
the Servlet Spec mandates Tomcat's behavior in this area.

Yoav




This e-mail, including any attachments, is a confidential business communication, and 
may contain information that is confidential, proprietary and/or privileged.  This 
e-mail is intended only for the individual(s) to whom it is addressed, and may not be 
saved, copied, printed, disclosed or used by anyone else.  If you are not the(an) 
intended recipient, please immediately delete this e-mail from your computer system 
and notify the sender.  Thank you.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: session tracking enforcement

[David Wall]

> >Is there any way to enforce a session cookie (JSESSIONID)to be send
> >to the client (browser) from servlet.
>
> No, because the Servlet Spec says Servlet Container must work even on
> clients that don't support cookies (or have cookies turned off, which is
> becoming a more and more common use-case).

Session cookies (those that don't persist) are becoming quite common
actually because even small devices are able to keep that bit of session
state quite easily.  Also, device makers want their devices to work on the
widest variety of systems, and session cookies are used just about
everywhere, whereas URL rewriting is less common.  Nost web users allow
cookies, and fewer still restrict session cookies that comes from the
primary site (as opposed to one generated by those advertising goofs).

While the container may not support this enforcement, you could at least
warn users using a series of redirects.

1) On first load, if no session cookie exists (or your own session-oriented
cookie if you like), add the cookie and redirect to a cookie checker page.

2) If the cookie checker page does not detect the cookie, then it can
display a warning/error to the user telling them that session cookies are
required to use your site. If it finds the cookie, then it can redirect
either back to the main page or to whatever page you want them to go to next
since you know they have the cookie.

David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: session tracking enforcement

[Shapira, Yoav]

Hi,

>Is there any way to enforce a session cookie (JSESSIONID)to be send
>to the client (browser) from servlet.

No, because the Servlet Spec says Servlet Container must work even on
clients that don't support cookies (or have cookies turned off, which is
becoming a more and more common use-case).

Yoav



This e-mail, including any attachments, is a confidential business communication, and 
may contain information that is confidential, proprietary and/or privileged.  This 
e-mail is intended only for the individual(s) to whom it is addressed, and may not be 
saved, copied, printed, disclosed or used by anyone else.  If you are not the(an) 
intended recipient, please immediately delete this e-mail from your computer system 
and notify the sender.  Thank you.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Session Tracking based on the Client's IP

[Cox, Charlie]

What difference does it make what the sessionid is? the session will still
expire, so if you need to keep track of data by ip address instead of
sessions, store it in a database. You can always store the ipaddress in the
session and retrieve it just as you sould retrieve the session id.

The use of jsessionid is part of the spec and isn't likely to change.
Session id's are also made to be unique so that multiple people can use
different sessions from through the same proxy.

Charlie

> -Original Message-
> From: Jose Miguel Guzman Cassanello [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, November 21, 2002 7:32 AM
> To: Tomcat Users List
> Subject: Re: Session Tracking based on the Client's IP
> 
> 
> But, How can I change the SessionID, for using the Client IP 
> as the Index?
> The getSession() method retrieves the Session for the client, 
> based on the
> SessionID (that normally is based in Cookies or re-writed URLs)
> What I need is a way to "force" the SessionID to different value, for
> example, the Client IP.
> 
> Probably the best way, is simply define a Hashtable as a 
> Context Atributte,
> in order to store client status information indexed by the 
> Client IP, and
> don't use the Session Tracking API.
> 
> -JM
> 
> - Original Message -
> From: "vivek baliga" <[EMAIL PROTECTED]>
> To: "Tomcat Users List" <[EMAIL PROTECTED]>
> Sent: Thursday, November 21, 2002 9:01 AM
> Subject: Re: Session Tracking based on the Client's IP
> 
> 
> > Hi ,
> > request.getRemoteAddr() will give u the IP
> > Put time with session and compare when there is new request
> > jabs
> >
> >
> >
> > - Original Message -
> > From: "Power-Netz (Schwarz)" <[EMAIL PROTECTED]>
> > To: "Tomcat Users List" <[EMAIL PROTECTED]>
> > Sent: Thursday, November 21, 2002 3:33 PM
> > Subject: AW: Session Tracking based on the Client's IP
> >
> >
> > > > would have to punch in the code for verification, that 
> would definetly
> > > > defeat any script but is less convenient for the user. 
> I would prefer
> to
> > > > dynamically identify any individual user who uses my 
> service more
> > > > than say
> > > > 10-15  times in a minute and ban him for an hour or so.
> > >
> > > Set a cookie and ask for it :-)
> > >
> > > --
> > > To unsubscribe, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> > > For additional commands, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> > >
> >
> >
> > --
> > To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
> >
> 
> 
> --
> To unsubscribe, e-mail:   
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: 
> <mailto:[EMAIL PROTECTED]>
> 

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Session Tracking based on the Client's IP

[Jose Miguel Guzman Cassanello]

But, How can I change the SessionID, for using the Client IP as the Index?
The getSession() method retrieves the Session for the client, based on the
SessionID (that normally is based in Cookies or re-writed URLs)
What I need is a way to "force" the SessionID to different value, for
example, the Client IP.

Probably the best way, is simply define a Hashtable as a Context Atributte,
in order to store client status information indexed by the Client IP, and
don't use the Session Tracking API.

-JM

- Original Message -
From: "vivek baliga" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Thursday, November 21, 2002 9:01 AM
Subject: Re: Session Tracking based on the Client's IP


> Hi ,
> request.getRemoteAddr() will give u the IP
> Put time with session and compare when there is new request
> jabs
>
>
>
> - Original Message -
> From: "Power-Netz (Schwarz)" <[EMAIL PROTECTED]>
> To: "Tomcat Users List" <[EMAIL PROTECTED]>
> Sent: Thursday, November 21, 2002 3:33 PM
> Subject: AW: Session Tracking based on the Client's IP
>
>
> > > would have to punch in the code for verification, that would definetly
> > > defeat any script but is less convenient for the user. I would prefer
to
> > > dynamically identify any individual user who uses my service more
> > > than say
> > > 10-15  times in a minute and ban him for an hour or so.
> >
> > Set a cookie and ask for it :-)
> >
> > --
> > To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
> >
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Session Tracking based on the Client's IP

[vivek baliga]

Hi ,
request.getRemoteAddr() will give u the IP
Put time with session and compare when there is new request
jabs



- Original Message -
From: "Power-Netz (Schwarz)" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Thursday, November 21, 2002 3:33 PM
Subject: AW: Session Tracking based on the Client's IP


> > would have to punch in the code for verification, that would definetly
> > defeat any script but is less convenient for the user. I would prefer to
> > dynamically identify any individual user who uses my service more
> > than say
> > 10-15  times in a minute and ban him for an hour or so.
>
> Set a cookie and ask for it :-)
>
> --
> To unsubscribe, e-mail:

> For additional commands, e-mail:

>


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Re: Session Tracking based on the Client's IP

[Jose Miguel Guzman Cassanello]

Thanks Norbert

In my environment, all client are well-know stations in a well-know network.
There isn't any NAT or FW, and the clients are not going to spoof their IPs
addresses.

Basically, I need to have a Session Status Table in memory, with some very
basic status info for each client, indexed by the client IP address.
This info should be shared among all the servlets in the application
(context).

Is there some way to customize the Session Tracking API, for using other
indexes (as the Client IP) instead JSESSIONs?

Thanks
Jose Miguel Guzman





- Original Message -
From: "Norbert Kuhnert" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Wednesday, November 20, 2002 1:51 PM
Subject: Re: Session Tracking based on the Client's IP


>
> Jose,
>
> Unfortunately, this approach would be somewhat unreliable, depending
> on the sites accessing Tomcat. Most corporate networks are protected
> by a firewall and many of the do "Dynamic Network Address Translation".
> Dynamic NAT is used to hide the real IP address of clients connected
> from the internal corporate network.
>
> So, all traffic passing out of the firewall to your site will appear
> to come from the same IP address.
>
> If your needs are to support know customers that don't have dynamic
> NAT, then a session management scheme based on IP address should
> be possible.
>
> I know that's probably not helpful, but maybe it will save you the
> time of working on a scheme that won't suit your requirements.
>
> Best regards,
>
> Norb
>
>
>
> Jose Miguel Guzman wrote:
> >
> > Hi Guys
> >
> > I need to track sessions based on the Client's IP, instead of using
Cookies
> > or URL re-writing.. (My clients don't support Cookies, and I cannot
re-write
> > the URL). I know this sounds useless, but believe me... this is what I
> > need ;-)
> >
> > I found that in the Catalina internal API there is a Manager class
> > (org.apache.catalina.Manager) that provides some methods to manipulate
the
> > Sessions base:
> >
> > Manager.findSession(java.lang.String id)
> > Manager.add(Session session)
> > etc..
> >
> > The problem is that I couldn't find a way get a reference for the
Manager,
> > from the servlet...
> > I was trying to do something like:
> >
> > Context context = request.getContext(); <== No such method
> > available
> > Manager manager = context.getManager();
> > String id = request.getRemoteAddr().toString();
> > Session sesion = manager.findSession(id);
> > if (sesion == null) {
> > sesion = manager.createSession();
> > sesion.setId(id);
> > }
> >
> > but the getContext() method is not available from the
> > javax.servlet.http.HttpServletRequest interface.. (It's only accesible
from
> > the internal org.apache.catalina.connector.RequestBase class).
> >
> > Is there a way to access some Manager class implementation (ManagerBase,
> > StatandardManager) within the servlet?
> > Do someone have some idea for facing this problem?
> >
> > Basically, I require to use the client IP address, as the only ID in the
> > Session base.
> > I would appreciate any help, from more experienced users...
> >
> > Thanks, very much...
> >
> > Jose Miguel Guzman
> > Santiago, Chile.
> >
> > PS: Sorry for my English..
> >
> > --
> > To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Session Tracking based on the Client's IP

[Kristján Rúnarsson]

Is there any way of keeping track of people that contact a site? I have 
had problems with people writing automated scripts to abuse a JSP based 
service. What they basically do is to write a script that fakes a http 
request sequence, pretending it is a browser like IExporer or Netscape. I 
realise that IP identification is not possible, I can not see a way to 
uniquely identify a user reliably. So banning users by IP could end up 
shutting alot of innocent users out.  Forcing users to create a user 
account would not  be an option. The only other option would be to follow 
Yahoo's example and generate a JPEG  with an alphanumeric code  the user 
would have to punch in the code for verification, that would definetly 
defeat any script but is less convenient for the user. I would prefer to 
dynamically identify any individual user who uses my service more than say 
10-15  times in a minute and ban him for an hour or so.

Mvh

KR

--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Re: Session Tracking based on the Client's IP

[Norbert Kuhnert]

Jose,

Unfortunately, this approach would be somewhat unreliable, depending
on the sites accessing Tomcat. Most corporate networks are protected
by a firewall and many of the do "Dynamic Network Address Translation".
Dynamic NAT is used to hide the real IP address of clients connected
from the internal corporate network.

So, all traffic passing out of the firewall to your site will appear 
to come from the same IP address. 

If your needs are to support know customers that don't have dynamic
NAT, then a session management scheme based on IP address should
be possible.

I know that's probably not helpful, but maybe it will save you the
time of working on a scheme that won't suit your requirements.

Best regards,

Norb



Jose Miguel Guzman wrote:
> 
> Hi Guys
> 
> I need to track sessions based on the Client's IP, instead of using Cookies
> or URL re-writing.. (My clients don't support Cookies, and I cannot re-write
> the URL). I know this sounds useless, but believe me... this is what I
> need ;-)
> 
> I found that in the Catalina internal API there is a Manager class
> (org.apache.catalina.Manager) that provides some methods to manipulate the
> Sessions base:
> 
> Manager.findSession(java.lang.String id)
> Manager.add(Session session)
> etc..
> 
> The problem is that I couldn't find a way get a reference for the Manager,
> from the servlet...
> I was trying to do something like:
> 
> Context context = request.getContext(); <== No such method
> available
> Manager manager = context.getManager();
> String id = request.getRemoteAddr().toString();
> Session sesion = manager.findSession(id);
> if (sesion == null) {
> sesion = manager.createSession();
> sesion.setId(id);
> }
> 
> but the getContext() method is not available from the
> javax.servlet.http.HttpServletRequest interface.. (It's only accesible from
> the internal org.apache.catalina.connector.RequestBase class).
> 
> Is there a way to access some Manager class implementation (ManagerBase,
> StatandardManager) within the servlet?
> Do someone have some idea for facing this problem?
> 
> Basically, I require to use the client IP address, as the only ID in the
> Session base.
> I would appreciate any help, from more experienced users...
> 
> Thanks, very much...
> 
> Jose Miguel Guzman
> Santiago, Chile.
> 
> PS: Sorry for my English..
> 
> --
> To unsubscribe, e-mail:   
> For additional commands, e-mail: 

--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Re: session tracking using URL rewriting & META=refresh

[Srinadh Karumuri]

It looks like no one had to deal with this earlier. I made a work around, 
not fancy but works.
I used:


and in this page for  etc., I used:
>

-Sri

At 10:27 AM 8/29/2002, Srinadh Karumuri wrote:
>Hi,
>
>I know there are two ways of session tracking in Tomcat 3.
>1. Cookies based: This is out of question as our customers do not want this.
>2. URL rewriting: We rewrite URLs using encodeURL(...) and worked fine for 
>more than a year.
>
>The problem started once we introduced the META-Refresh to forward user's 
>screen after time out when Javascript is OFF. The copy of the HTML source 
>from browser is as below:
>
>CONTENT="600;
>URL=../jsp/UserMessage.jsp;jsessionid=To1071mC22961575233267228At?msgid=1001&grace=120;">
>
>Since semi-colon marks the  end of URL, browser was not forwarding the 
>jsessionid. If I copy the URL into browser manually, it works fine.
>
>Q1. Is there a third way of session tracking? I remember reading somewhere 
>about keeping an hidden  field with name="jsessionid" in the page.
>
>Any help on this?
>
>Q2. I guess tomcat doesn't support any other character in the place of 
>semi-colon. Is there any way to escape this character in the META value?
>
>Note: We need to use Javascript OFF per customer's requirements.
>
>Thanks,
>Sri
>
>
>jsp/etrUserMessage.jsp;jsessionid=To1075mC2510161898001374At?msgid=1001&grac 
>e=120
>
>
>--
>To unsubscribe, e-mail:   
>For additional commands, e-mail: 


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Re: Session Tracking cookie

[Milt Epstein]

On Wed, 28 Aug 2002, Sarkar, Sudipta wrote:

> Hi,
>I am using Tocat 3.2.1 on Win 2000. As Tomcat uses a cookie name
> JSESSIONID to track httpsession, is there any way to change the name
> of this cookie.

I don't think so.  But why would you want to?

(Well, actually, you probably could, but you'd have to hack the source
code; and it's probably not a good idea all around.)

In very early versions of the spec, the name of the session cookie was
not mandated.  At some point, I don't recall, maybe 2.0, it was
mandated.  And that's probably a good thing -- it makes things clearer
and more portable.

Milt Epstein
Research Programmer
Systems and Technology Services (STS)
Campus Information Technologies and Educational Services (CITES)
University of Illinois at Urbana-Champaign (UIUC)
[EMAIL PROTECTED]


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Re: Session tracking problem with Tomcat 4.0.3, Apache 2.0.39 andmod_proxy

[Liam Morley]

Unfortunately I think you might need to run multiple instances of Tomcat 
in that case:( As you can't give multiple webapps a cookie with a "/" 
path. If you find any other solutions, however, please let me know:)

Liam Morley

Rick Mills wrote:

>Hi
>
>Thanks for that, it was exactly what was happening!
>
>Moving the context for the bodypainting WAR file to root, and changing the
>proxy pass to map http://www.bodypainting.co.uk/ to http://localhost:8000/
>has fixed the problem, and my session tracking now works as expected.
>
>I now need to work out a way of having more than one webapp using Apache
>virtual hosting where two or more domains both get mapped to / under Tomcat
>and get different webapps delivered. I'm running the Tomcat 4.0.3 which
>comes bundled with JBoss 3.0.0, so will probably have quite a challenge!
>
>Thanks for your help.
>
>Kind regards
>Rick Mills
>
>  
>
>>Rick,
>>
>>I'm pretty sure that this is the same issue that I've experienced.
>>First, try mapping to "/bodypainting/" instead of "/". See if you get a
>>cookie there. Then, if you have a browser that allows you to inspect
>>session cookies (mozilla is good for this), check the path of your
>>session cookie. You should find that it's "/bodypainting". The problem
>>is that the cookie path is determined by Tomcat, not by Apache, and
>>Tomcat gives every webapp a cookie with the path of the webapp as tomcat
>>would determine it; so since Tomcat thinks the path is "/bodypainting",
>>the cookie path doesn't change just because you're using mod_proxy. So
>>when you go to visit the page at "/", the cookie is ignored because it
>>doesn't have the right path.
>>
>>The only way I can think of to solve your issue so far is to solve the
>>path issue with Tomcat- you need to map your webapp to
>>'http://localhost:8000/' instead of
>>'http://localhost:8000/bodypainting/'. There are two ways I can think of
>>to do this:
>>
>>   1. move your 'bodypainting' webapp into the "ROOT" webapp.
>>   2. Uncomment and change the docBase path in server.xml: >  path="" docBase="bodypainting" debug="0"/>
>>
>>That should do the trick, hopefully. Let me know how that works for you.
>>Best of luck!
>>
>>Liam Morley
>>
>>
>
>
>
>--
>To unsubscribe, e-mail:   
>For additional commands, e-mail: 
>
>
>
>  
>


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Re: Session tracking problem with Tomcat 4.0.3, Apache 2.0.39 and mod_proxy

[Rick Mills]

Hi

Thanks for that, it was exactly what was happening!

Moving the context for the bodypainting WAR file to root, and changing the
proxy pass to map http://www.bodypainting.co.uk/ to http://localhost:8000/
has fixed the problem, and my session tracking now works as expected.

I now need to work out a way of having more than one webapp using Apache
virtual hosting where two or more domains both get mapped to / under Tomcat
and get different webapps delivered. I'm running the Tomcat 4.0.3 which
comes bundled with JBoss 3.0.0, so will probably have quite a challenge!

Thanks for your help.

Kind regards
Rick Mills

> Rick,
>
> I'm pretty sure that this is the same issue that I've experienced.
> First, try mapping to "/bodypainting/" instead of "/". See if you get a
> cookie there. Then, if you have a browser that allows you to inspect
> session cookies (mozilla is good for this), check the path of your
> session cookie. You should find that it's "/bodypainting". The problem
> is that the cookie path is determined by Tomcat, not by Apache, and
> Tomcat gives every webapp a cookie with the path of the webapp as tomcat
> would determine it; so since Tomcat thinks the path is "/bodypainting",
> the cookie path doesn't change just because you're using mod_proxy. So
> when you go to visit the page at "/", the cookie is ignored because it
> doesn't have the right path.
>
> The only way I can think of to solve your issue so far is to solve the
> path issue with Tomcat- you need to map your webapp to
> 'http://localhost:8000/' instead of
> 'http://localhost:8000/bodypainting/'. There are two ways I can think of
> to do this:
>
>1. move your 'bodypainting' webapp into the "ROOT" webapp.
>2. Uncomment and change the docBase path in server.xml:path="" docBase="bodypainting" debug="0"/>
>
> That should do the trick, hopefully. Let me know how that works for you.
> Best of luck!
>
> Liam Morley



--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Re: Session tracking problem with Tomcat 4.0.3, Apache 2.0.39 andmod_proxy

[Liam Morley]

Rick,

I'm pretty sure that this is the same issue that I've experienced. 
First, try mapping to "/bodypainting/" instead of "/". See if you get a 
cookie there. Then, if you have a browser that allows you to inspect 
session cookies (mozilla is good for this), check the path of your 
session cookie. You should find that it's "/bodypainting". The problem 
is that the cookie path is determined by Tomcat, not by Apache, and 
Tomcat gives every webapp a cookie with the path of the webapp as tomcat 
would determine it; so since Tomcat thinks the path is "/bodypainting", 
the cookie path doesn't change just because you're using mod_proxy. So 
when you go to visit the page at "/", the cookie is ignored because it 
doesn't have the right path.

The only way I can think of to solve your issue so far is to solve the 
path issue with Tomcat- you need to map your webapp to 
'http://localhost:8000/' instead of 
'http://localhost:8000/bodypainting/'. There are two ways I can think of 
to do this:

   1. move your 'bodypainting' webapp into the "ROOT" webapp.
   2. Uncomment and change the docBase path in server.xml: 

That should do the trick, hopefully. Let me know how that works for you. 
Best of luck!

Liam Morley



Rick Mills wrote:

>Hi
>
>I am experiencing a problem with session tracking when using Apache 2.0.39's
>mod_proxy module to connect to my Tomcat 4.0.3 instance.
>
>I have a servlet which checks to see if a session exists, and if not,
>creates a new session.
>
>When testing on a standalone instance of Tomcat, all works as expected. I
>start up a browser session to my site, and the servlet creates a new
>session; this session persists for subsequent requests to my site.
>
>However, when going via Apache to Tomcat over mod_proxy, my servlet is not
>recognising that I have already set up a session on subsequent calls to
>Tomcat, and is creating a new session each time.
>
>The "Virtual Host" configuration in Apache's httpd.conf to set up the proxy
>connection to Tomcat is as follows:
>
>
>ServerNamewww.bodypainting.co.uk
>ProxyPass/ http://localhost:8000/bodypainting/
>ProxyPassReverse / http://localhost:8000/bodypainting/
>
>
>The entry in my Tomcat server.xml for handling the proxy connection is as
>follows:
>
>port="8000" minProcessors="3" maxProcessors="75"
>proxyName="localhost:8000" proxyPort="80"/>
>
>Just wondered if anyone else had experienced anything similar, or if anyone
>has any ideas.
>
>Incidentally, I've already experimented with using mod_jk and mod_webapp to
>connect Apache to Tomcat, but found that mod_proxy was by far the simplest
>method, especially given that all content from my site will be served up by
>Tomcat, and I don't need any static pages served up by Apache.
>
>Kind regards
>Rick Mills
>
>
>
>--
>To unsubscribe, e-mail:   
>For additional commands, e-mail: 
>
>
>
>  
>


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Re: Session tracking between http to https

[Joel Rees]

mh asked:


> but I can't retreive session between my two servlet.
> 
> Can someone give me some code advice to perform this ?

Check the archives?




--
To unsubscribe:   
For additional commands: 
Troubles with the list: 

RE: Session Tracking throughout apps

[Wagoner, Mark]

Unfortunately, I think the answer to your question is "it depends".

You could code the controller servlet to handle all of the requests, in
which case you would want to make it as small and fast as possible.
Possibly get the session info, request a login if there is no session (if
that is a requirement) determine the next servlet and pass on the request.

You can also have different servlets for each of your request types (message
board, etc.) and, as long as they are all in the same context, they will
have access to the same session information.  The mappings for these would
go in the application's web.xml file rather than the server.xml file.  There
would be one context entry in server.xml which contains all of the different
servlet mappings.

If your apps are really totally unrelated other than sharing session info,
the multiple servlet mappings may be the most flexible.  If there is a good
deal of processing that has to be performed with each request regardless of
the target servlet (such as getting a JDBC connection) then the single
controller is probably better.

-Original Message-
From: Charles N. Harvey III [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 18, 2002 2:47 PM
To: Tomcat Users List
Subject: Session Tracking throughout apps


Hello list.
I'm not sure if this is a tomcat question or a java (servlet) question
so try not to get too angry if this is on the wrong board.

I am setting up my environment to use a controller servlet that
brokers all the requests that come in for the site.  About 80% of my
site are pages that will be served up this way, through the controller.
But the other 20% are seperate applications - message boards, photo
uploads, contests with registration.

What I am slightly confused about is, should the requests for these
apps also go through the controller servlet?  And if so I don't know
how yet - but I will find out.  If not (which is my current level of
knowledge) then each one gets its own mapping in server.xml and its
own directory structure.  If this is the case, how do I maintain session
across the rest of the site and these side apps?  I am pretty new to
java hence my confusion.  Can I just pass the session object from one
to the other?  Is there something special I have to implement?

Any help would be greatly appreciated.  And if this post is in the wrong
place just say so and I will find the appropriate java list to post to.

Thanks.

Charlie Harvey

--
To unsubscribe:   
For additional commands: 
Troubles with the list: 

--
To unsubscribe:   
For additional commands: 
Troubles with the list: 

RE: Session tracking across virtual hosts?

[Neil Aggarwal]

Craig:

Does the alias directive work in tomcat 3.2.3?

Here is what I put in my server.xml file:

  dev.leads-unlimited.com
  


You can try it by visiting
http://dev.JAMMConsulting.com/sessionTest/index.jsp

But, when I try visiting
http://dev.leads-unlimited.com/sessionTest/index.jsp
I get an error.

Thanks,
Neil.

--
Neil Aggarwal
JAMM Consulting, Inc.(972) 612-6056, http://www.JAMMConsulting.com
Custom Internet DevelopmentWebsites, Ecommerce, Java, databases

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Craig R. McClanahan
> Sent: Friday, December 07, 2001 10:38 PM
> To: Tomcat Users List
> Subject: RE: Session tracking across virtual hosts?
>
>
>
>
> On Fri, 7 Dec 2001, Neil Aggarwal wrote:
>
> > Date: Fri, 7 Dec 2001 21:14:47 -0600
> > From: Neil Aggarwal <[EMAIL PROTECTED]>
> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> > To: Tomcat Users List <[EMAIL PROTECTED]>
> > Subject: RE: Session tracking across virtual hosts?
> >
> > Craig:
> >
> > It is the same webapp, not two different ones.  We just
> > need to access it in two different ways, depending
> > on if we are using http or https.
> >
> > There has to be a way to do this since it is the SAME
> > application.
> >
>
> Try the  element inside a  element.  That declares the second
> host name to be an alias of the "real" one, and shares the same pool of
> webapps underneath.
>
>
> > Thanks,
> > Neil.
> >
>
> Craig
>
>
> > --
> > Neil Aggarwal
> > JAMM Consulting, Inc.(972) 612-6056, http://www.JAMMConsulting.com
> > Custom Internet DevelopmentWebsites, Ecommerce, Java, databases
> >
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]]On Behalf Of Craig R.
> McClanahan
> > > Sent: Friday, December 07, 2001 6:13 PM
> > > To: Tomcat Users List
> > > Subject: Re: Session tracking across virtual hosts?
> > >
> > >
> > >
> > >
> > > On Fri, 7 Dec 2001, Neil Aggarwal wrote:
> > >
> > > > Date: Fri, 7 Dec 2001 13:18:32 -0600
> > > > From: Neil Aggarwal <[EMAIL PROTECTED]>
> > > > Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> > > > To: Tomcat-User <[EMAIL PROTECTED]>
> > > > Subject: Session tracking across virtual hosts?
> > > >
> > > > Hello:
> > > >
> > > > I am developing a web application that requires session tracking.
> > > >
> > > > Because we are using a virtual host with a shared SSL certificate,
> > > > we need to track sessions using two different hosts.  For example,
> > > > we need to use URLs like:
> > > >
> > > > http://www.virtdomain.com/appName/page.jsp
> > > > and
> > > > https://www.JAMMConsulting.com/appName/page.jsp
> > > >
> > > > Session tracking does not work across this scenario since the
> > > > domains are different.
> > > >
> > >
> > > By definition, sessions are scoped to a single web application, so you
> > > cannot even share them across two webapps on the same virtual host.
> > > You will need to use some other mechanism to share information between
> > > webapps -- perhaps using a database, or EJBs, or something like that.
> > >
> > > Craig
> > >
> > >
> > >
> > > --
> > > To unsubscribe:   <mailto:[EMAIL PROTECTED]>
> > > For additional commands: <mailto:[EMAIL PROTECTED]>
> > > Troubles with the list: <mailto:[EMAIL PROTECTED]>
> >
> > --
> > To unsubscribe:   <mailto:[EMAIL PROTECTED]>
> > For additional commands: <mailto:[EMAIL PROTECTED]>
> > Troubles with the list: <mailto:[EMAIL PROTECTED]>
> >
> >
>
>
> --
> To unsubscribe:   <mailto:[EMAIL PROTECTED]>
> For additional commands: <mailto:[EMAIL PROTECTED]>
> Troubles with the list: <mailto:[EMAIL PROTECTED]>


--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>

RE: Session tracking across virtual hosts?

[Craig R. McClanahan]

On Fri, 7 Dec 2001, Neil Aggarwal wrote:

> Date: Fri, 7 Dec 2001 21:14:47 -0600
> From: Neil Aggarwal <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: Tomcat Users List <[EMAIL PROTECTED]>
> Subject: RE: Session tracking across virtual hosts?
>
> Craig:
>
> It is the same webapp, not two different ones.  We just
> need to access it in two different ways, depending
> on if we are using http or https.
>
> There has to be a way to do this since it is the SAME
> application.
>

Try the  element inside a  element.  That declares the second
host name to be an alias of the "real" one, and shares the same pool of
webapps underneath.


> Thanks,
>   Neil.
>

Craig


> --
> Neil Aggarwal
> JAMM Consulting, Inc.(972) 612-6056, http://www.JAMMConsulting.com
> Custom Internet DevelopmentWebsites, Ecommerce, Java, databases
>
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Craig R. McClanahan
> > Sent: Friday, December 07, 2001 6:13 PM
> > To: Tomcat Users List
> > Subject: Re: Session tracking across virtual hosts?
> >
> >
> >
> >
> > On Fri, 7 Dec 2001, Neil Aggarwal wrote:
> >
> > > Date: Fri, 7 Dec 2001 13:18:32 -0600
> > > From: Neil Aggarwal <[EMAIL PROTECTED]>
> > > Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> > > To: Tomcat-User <[EMAIL PROTECTED]>
> > > Subject: Session tracking across virtual hosts?
> > >
> > > Hello:
> > >
> > > I am developing a web application that requires session tracking.
> > >
> > > Because we are using a virtual host with a shared SSL certificate,
> > > we need to track sessions using two different hosts.  For example,
> > > we need to use URLs like:
> > >
> > > http://www.virtdomain.com/appName/page.jsp
> > > and
> > > https://www.JAMMConsulting.com/appName/page.jsp
> > >
> > > Session tracking does not work across this scenario since the
> > > domains are different.
> > >
> >
> > By definition, sessions are scoped to a single web application, so you
> > cannot even share them across two webapps on the same virtual host.
> > You will need to use some other mechanism to share information between
> > webapps -- perhaps using a database, or EJBs, or something like that.
> >
> > Craig
> >
> >
> >
> > --
> > To unsubscribe:   <mailto:[EMAIL PROTECTED]>
> > For additional commands: <mailto:[EMAIL PROTECTED]>
> > Troubles with the list: <mailto:[EMAIL PROTECTED]>
>
> --
> To unsubscribe:   <mailto:[EMAIL PROTECTED]>
> For additional commands: <mailto:[EMAIL PROTECTED]>
> Troubles with the list: <mailto:[EMAIL PROTECTED]>
>
>


--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>

RE: Session tracking across virtual hosts?

[Neil Aggarwal]

Craig:

It is the same webapp, not two different ones.  We just
need to access it in two different ways, depending
on if we are using http or https.

There has to be a way to do this since it is the SAME
application.

Thanks,
Neil.

--
Neil Aggarwal
JAMM Consulting, Inc.(972) 612-6056, http://www.JAMMConsulting.com
Custom Internet DevelopmentWebsites, Ecommerce, Java, databases

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Craig R. McClanahan
> Sent: Friday, December 07, 2001 6:13 PM
> To: Tomcat Users List
> Subject: Re: Session tracking across virtual hosts?
> 
> 
> 
> 
> On Fri, 7 Dec 2001, Neil Aggarwal wrote:
> 
> > Date: Fri, 7 Dec 2001 13:18:32 -0600
> > From: Neil Aggarwal <[EMAIL PROTECTED]>
> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> > To: Tomcat-User <[EMAIL PROTECTED]>
> > Subject: Session tracking across virtual hosts?
> >
> > Hello:
> >
> > I am developing a web application that requires session tracking.
> >
> > Because we are using a virtual host with a shared SSL certificate,
> > we need to track sessions using two different hosts.  For example,
> > we need to use URLs like:
> >
> > http://www.virtdomain.com/appName/page.jsp
> > and
> > https://www.JAMMConsulting.com/appName/page.jsp
> >
> > Session tracking does not work across this scenario since the
> > domains are different.
> >
> 
> By definition, sessions are scoped to a single web application, so you
> cannot even share them across two webapps on the same virtual host.
> You will need to use some other mechanism to share information between
> webapps -- perhaps using a database, or EJBs, or something like that.
> 
> Craig
> 
> 
> 
> --
> To unsubscribe:   <mailto:[EMAIL PROTECTED]>
> For additional commands: <mailto:[EMAIL PROTECTED]>
> Troubles with the list: <mailto:[EMAIL PROTECTED]>

--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>

Re: Session tracking across virtual hosts?

[Craig R. McClanahan]

On Fri, 7 Dec 2001, Neil Aggarwal wrote:

> Date: Fri, 7 Dec 2001 13:18:32 -0600
> From: Neil Aggarwal <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: Tomcat-User <[EMAIL PROTECTED]>
> Subject: Session tracking across virtual hosts?
>
> Hello:
>
> I am developing a web application that requires session tracking.
>
> Because we are using a virtual host with a shared SSL certificate,
> we need to track sessions using two different hosts.  For example,
> we need to use URLs like:
>
> http://www.virtdomain.com/appName/page.jsp
> and
> https://www.JAMMConsulting.com/appName/page.jsp
>
> Session tracking does not work across this scenario since the
> domains are different.
>

By definition, sessions are scoped to a single web application, so you
cannot even share them across two webapps on the same virtual host.
You will need to use some other mechanism to share information between
webapps -- perhaps using a database, or EJBs, or something like that.

Craig



--
To unsubscribe:   
For additional commands: 
Troubles with the list: 

RE: session tracking documents,how-to...

[Filip Hanik]

http://java.sun.com

look at the servlet specification

Filip

~
Namaste - I bow to the divine in you
~
Filip Hanik
Software Architect
[EMAIL PROTECTED]
www.filip.net
-Original Message-
From: João Folha [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 02, 2001 10:13 AM
To: [EMAIL PROTECTED]
Subject: Fw: session tracking documents,how-to...



- Original Message -
From: João Folha
To: [EMAIL PROTECTED]
Sent: Monday, April 02, 2001 4:42 PM
Subject: session tracking documents,how-to...


Hi there,
I need documents about session tracking.

Re: Session tracking not working - POSTing FORMs

[David Crooke]

David Crooke wrote:

> Use an encoded URL for the ACTION parameter of the FORM tag.

Side note - with JServ this works for POSTed forms, but wouldn't work with forms
using the GET method, since JServ used a querystring argument for its rewriting

>
>
> David Wall wrote:
>
> > > The most likely explanation is that you are using instance variables in
> > > your servlets, instead of local variables, to represent the information
> > > for a particular request.  These variables are shared across all of the
> > > simultaneous requests to the same servlet, so it's easy for one request to
> > > scribble on the data of another request.
> >
> > Does anybody know if session tracking -- when cookies are not enabled and
> > using encodeURL/encodeRedirectURL -- works across POST requests.  I've noted
> > that it seems okay with GET requests, but is there anything that needs to be
> > done to ensure that the session id is sent correctly for FORM POSTs?
> >
> > Davd

Re: Session tracking not working - POSTing FORMs

[David Crooke]

Use an encoded URL for the ACTION parameter of the FORM tag.

David Wall wrote:

> > The most likely explanation is that you are using instance variables in
> > your servlets, instead of local variables, to represent the information
> > for a particular request.  These variables are shared across all of the
> > simultaneous requests to the same servlet, so it's easy for one request to
> > scribble on the data of another request.
>
> Does anybody know if session tracking -- when cookies are not enabled and
> using encodeURL/encodeRedirectURL -- works across POST requests.  I've noted
> that it seems okay with GET requests, but is there anything that needs to be
> done to ensure that the session id is sent correctly for FORM POSTs?
>
> Davd

Re: Session tracking not working - POSTing FORMs

[Craig R. McClanahan]

On Fri, 23 Mar 2001, David Wall wrote:

> > The most likely explanation is that you are using instance variables in
> > your servlets, instead of local variables, to represent the information
> > for a particular request.  These variables are shared across all of the
> > simultaneous requests to the same servlet, so it's easy for one request to
> > scribble on the data of another request.
> 
> Does anybody know if session tracking -- when cookies are not enabled and
> using encodeURL/encodeRedirectURL -- works across POST requests.  I've noted
> that it seems okay with GET requests, but is there anything that needs to be
> done to ensure that the session id is sent correctly for FORM POSTs?
> 

As long as you remember to call response.encodeURL() around the value of
the action parameter on your  element, it will work fine.

i.e. if you were writing the element in a servlet:

writer.print(");

> Davd
> 
> 

Craig McClanahan

Re: Session tracking not working - POSTing FORMs

[David Wall]

> The most likely explanation is that you are using instance variables in
> your servlets, instead of local variables, to represent the information
> for a particular request.  These variables are shared across all of the
> simultaneous requests to the same servlet, so it's easy for one request to
> scribble on the data of another request.

Does anybody know if session tracking -- when cookies are not enabled and
using encodeURL/encodeRedirectURL -- works across POST requests.  I've noted
that it seems okay with GET requests, but is there anything that needs to be
done to ensure that the session id is sent correctly for FORM POSTs?

Davd

Re: Session tracking not working

[Craig R. McClanahan]

On Fri, 23 Mar 2001, Neil Aggarwal wrote:

> Hello:
> 
> I have tried tomcat 3.2.1 and 3.2.2 (4.0 bombed so I could not
> try it) and I am getting this problem:
> 
> I am creating a member-based site.  Each tiem a member
> logs in, I create a User object for them and store it
> as a session attribute.
> 
> Each page (In its header) checks for the presence of
> of that session attribute before showing the page.
> 
> For some reason, the member pages are coming up in a
> different session and the user is taken to a page
> that they are not logged it.
> 
> Is there a bug with the session tracking in Tomcat?
> 

The most likely explanation is that you are using instance variables in
your servlets, instead of local variables, to represent the information
for a particular request.  These variables are shared across all of the
simultaneous requests to the same servlet, so it's easy for one request to
scribble on the data of another request.

> Thanks,
>   Neil.
> 

Craig McClanahan

Re: Session Tracking Problem

[Kief Morris]

Rajeev Bakhru typed the following on 03:24 PM 1/17/2001 -0500
>On the  login jsp page in the application, I used a servlet and created a
>session with
>HttpSession session = req.getSession(true)
...
>Then on this page (b) , I used
> and passes the same variable again to
>the another page (c).

Check the actual HTML output here with cookies disabled in your browser
(disable cookies, or have it set to warn you, then close and re-open your
browser and test it). Does it put the session ID into the URL? If your browser
refuses to take the JSESSIONID cookie, the session ID should show up in
the URL. If not there's something wrong ...

>but on checking with getSession(false) it gives null and I could'nt  get the
>previous session.

Some other things to check:
- Are the URLs when you set and check the session both in the same domain,
  and both in the same webapp? If the root of your webapp (in web.xml) is /examples, 
  the cookie won't be available outside of that directory.
- SSL isn't involved is it? Sessions can be lost when crossing in and out of SSL.

Generally, just check the flow of the session ID with cookies disabled and see
where you lose it.

Kief


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

Re: session tracking

[Kief Morris]

David Wall typed the following on 09:08 AM 1/15/2001 -0800
>> if (session == null) {
>>   session = request.getSession(true);
>>   response.sendRedirect(response.encodeURL());
>>   return;
>> }
>
>Since this is a redirect, why aren't you using response.encodeRedirectURL()?
>Does it not work?  What is the difference anyway between those two?

In 4.x the implementation of these methods are identical. I haven't looked
at 3.2, but I'm not sure why there would be any difference, but of course
you're right, the proper method should be used just because you never know!
Some other server might have a good reason for doing it differently.

Kief


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

Re: session tracking

[David Wall]

> if (session == null) {
>   session = request.getSession(true);
>   response.sendRedirect(response.encodeURL());
>   return;
> }

Since this is a redirect, why aren't you using response.encodeRedirectURL()?
Does it not work?  What is the difference anyway between those two?

David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

RE: session tracking

[Christopher Kirk]

Once the ID appears on the URL, the user will be able to use the reload
button.

However, you will need to get the session id onto the URL in the first
place!

A reasonable way of doing this, in this example would be to redirect the
user..

Try something like this,


session = request.getSession(false);

if (session == null) {
  session = request.getSession(true);
  response.sendRedirect(response.encodeURL());
  return;
}


What this code does is it checks to see if a session already exists, if it
does
then it does nothing and will continue with your code.. but if a session
does
not exist then it will create one, and then encode it into a URL. The code
will
then ask the users browser to go to that URL, instead of the original URL
that they typed in.

The only difference between the two URLs is that one looks like this

http://www.foo.com/myservlet

and the other one will be

http://www.foo.com/myservlet?jsession=asf2e4234asdf


- Chris.

Brainbench MVP Java2

> -Original Message-
> From: Regis Muller [mailto:[EMAIL PROTECTED]]
> Sent: 15 January 2001 13:34
> To: [EMAIL PROTECTED]
> Subject: Re: session tracking
> 
> 
> Thanks but how could it work when clicking on netscape reload button ?
> 
> Christopher Kirk wrote:
> 
> > For session tracking to work, look at the following 2 methods
> >
> > resonse.encodeURL
> > and
> > response.encodeRedirectURL
> >
> > In this way, session tracking will only work when following 
> links because
> > URL re-writting requires a link to modify whereas cookies 
> go by the domain
> > within the HTTP request.
> >
> > So, to make your example work you would have to add
> >
> > Click me
> >
> > - Chris
> >
> > Brainbench MVP Java2
> >
> > > -Original Message-
> > > From: Regis Muller [mailto:[EMAIL PROTECTED]]
> > > Sent: 15 January 2001 11:05
> > > To: [EMAIL PROTECTED]
> > > Subject: session tracking
> > >
> > >
> > > Im a bit confused cuz I were told session tracking automatically
> > > switched from cookies to url rewriting when cookies arent 
> enabled in
> > > browser but it doesn't seem to work with this simple example :
> > > package coreservlets;
> > >
> > > import java.io.*;
> > > import javax.servlet.*;
> > > import javax.servlet.http.*;
> > > import java.net.*;
> > > import java.util.*;
> > >
> > > /** Simple example of session tracking.
> > >  *  Taken from Core Servlets and JavaServer Pages
> > >  *  from Prentice Hall and Sun Microsystems Press,
> > >  *  http://www.coreservlets.com/.
> > >  *  © 2000 Marty Hall; may be freely used or adapted.
> > >  */
> > >
> > > public class ShowSession extends HttpServlet {
> > >   public void doGet(HttpServletRequest request,
> > > HttpServletResponse response)
> > >   throws ServletException, IOException {
> > > response.setContentType("text/html");
> > > PrintWriter out = response.getWriter();
> > > String title = "Session Tracking Example";
> > > HttpSession session = request.getSession(true);
> > > String heading;
> > > // Use getAttribute instead of getValue in version 2.2.
> > > Integer accessCount =
> > >   (Integer)session.getAttribute("accessCount");
> > > if (accessCount == null) {
> > >   accessCount = new Integer(0);
> > >   heading = "Welcome, Newcomer";
> > > } else {
> > >   heading = "Welcome Back";
> > >   accessCount = new Integer(accessCount.intValue() + 1);
> > > }
> > > // Use setAttribute instead of putValue in version 2.2.
> > > session.setAttribute("accessCount", accessCount);
> > >
> > > out.println(ServletUtilities.headWithTitle(title) +
> > > "\n" +
> > > "" + heading + "\n" +
> > > "Information on Your Session:\n" +
> > > "\n" +
> > > "\n" +
> > > "  Info TypeValue\n" +
> > > "\n" +
> > > "  ID\n" +
> > > "  " + session.getId() + "\n" +
> > > "\n" +
> > > "  Creation Time\n&qu

RE: session tracking

[Michael Wentzel]

> 
> Thanks but how could it work when clicking on netscape reload button ?
> 

I haven't tried this but why not the below?

response.sendRedirect(response.encodeURL(address));

---
Michael Wentzel
Software Developer
http://www.aswethink.com">Software As We Think
mailto:[EMAIL PROTECTED]">Michael Wentzel

"Go play..." - Grandmaster Masaaki Hatsumi

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

Re: session tracking

[Regis Muller]

Thanks but how could it work when clicking on netscape reload button ?

Christopher Kirk wrote:

> For session tracking to work, look at the following 2 methods
>
> resonse.encodeURL
> and
> response.encodeRedirectURL
>
> In this way, session tracking will only work when following links because
> URL re-writting requires a link to modify whereas cookies go by the domain
> within the HTTP request.
>
> So, to make your example work you would have to add
>
> Click me
>
> - Chris
>
> Brainbench MVP Java2
>
> > -Original Message-
> > From: Regis Muller [mailto:[EMAIL PROTECTED]]
> > Sent: 15 January 2001 11:05
> > To: [EMAIL PROTECTED]
> > Subject: session tracking
> >
> >
> > Im a bit confused cuz I were told session tracking automatically
> > switched from cookies to url rewriting when cookies arent enabled in
> > browser but it doesn't seem to work with this simple example :
> > package coreservlets;
> >
> > import java.io.*;
> > import javax.servlet.*;
> > import javax.servlet.http.*;
> > import java.net.*;
> > import java.util.*;
> >
> > /** Simple example of session tracking.
> >  *  Taken from Core Servlets and JavaServer Pages
> >  *  from Prentice Hall and Sun Microsystems Press,
> >  *  http://www.coreservlets.com/.
> >  *  © 2000 Marty Hall; may be freely used or adapted.
> >  */
> >
> > public class ShowSession extends HttpServlet {
> >   public void doGet(HttpServletRequest request,
> > HttpServletResponse response)
> >   throws ServletException, IOException {
> > response.setContentType("text/html");
> > PrintWriter out = response.getWriter();
> > String title = "Session Tracking Example";
> > HttpSession session = request.getSession(true);
> > String heading;
> > // Use getAttribute instead of getValue in version 2.2.
> > Integer accessCount =
> >   (Integer)session.getAttribute("accessCount");
> > if (accessCount == null) {
> >   accessCount = new Integer(0);
> >   heading = "Welcome, Newcomer";
> > } else {
> >   heading = "Welcome Back";
> >   accessCount = new Integer(accessCount.intValue() + 1);
> > }
> > // Use setAttribute instead of putValue in version 2.2.
> > session.setAttribute("accessCount", accessCount);
> >
> > out.println(ServletUtilities.headWithTitle(title) +
> > "\n" +
> > "" + heading + "\n" +
> > "Information on Your Session:\n" +
> > "\n" +
> > "\n" +
> > "  Info TypeValue\n" +
> > "\n" +
> > "  ID\n" +
> > "  " + session.getId() + "\n" +
> > "\n" +
> > "  Creation Time\n" +
> > "  " +
> > new Date(session.getCreationTime()) + "\n" +
> > "\n" +
> > "  Time of Last Access\n" +
> > "  " +
> > new Date(session.getLastAccessedTime()) + "\n" +
> > "\n" +
> > "  Number of Previous Accesses\n" +
> > "  " + accessCount + "\n" +
> > "\n" +
> > "");
> >
> >   }
> >
> >   /** Handle GET and POST requests identically. */
> >
> >   public void doPost(HttpServletRequest request,
> >  HttpServletResponse response)
> >   throws ServletException, IOException {
> > doGet(request, response);
> >   }
> > }
> >
> > Could anyone help me ? Is there a thing to configure to accept session
> > tracking ?
> >
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, email: [EMAIL PROTECTED]
> >
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

RE: session tracking

[Christopher Kirk]

For session tracking to work, look at the following 2 methods

resonse.encodeURL
and
response.encodeRedirectURL


In this way, session tracking will only work when following links because
URL re-writting requires a link to modify whereas cookies go by the domain
within the HTTP request.

So, to make your example work you would have to add 

Click me


- Chris

Brainbench MVP Java2



> -Original Message-
> From: Regis Muller [mailto:[EMAIL PROTECTED]]
> Sent: 15 January 2001 11:05
> To: [EMAIL PROTECTED]
> Subject: session tracking
> 
> 
> Im a bit confused cuz I were told session tracking automatically
> switched from cookies to url rewriting when cookies arent enabled in
> browser but it doesn't seem to work with this simple example :
> package coreservlets;
> 
> import java.io.*;
> import javax.servlet.*;
> import javax.servlet.http.*;
> import java.net.*;
> import java.util.*;
> 
> /** Simple example of session tracking.
>  *  Taken from Core Servlets and JavaServer Pages
>  *  from Prentice Hall and Sun Microsystems Press,
>  *  http://www.coreservlets.com/.
>  *  © 2000 Marty Hall; may be freely used or adapted.
>  */
> 
> public class ShowSession extends HttpServlet {
>   public void doGet(HttpServletRequest request,
> HttpServletResponse response)
>   throws ServletException, IOException {
> response.setContentType("text/html");
> PrintWriter out = response.getWriter();
> String title = "Session Tracking Example";
> HttpSession session = request.getSession(true);
> String heading;
> // Use getAttribute instead of getValue in version 2.2.
> Integer accessCount =
>   (Integer)session.getAttribute("accessCount");
> if (accessCount == null) {
>   accessCount = new Integer(0);
>   heading = "Welcome, Newcomer";
> } else {
>   heading = "Welcome Back";
>   accessCount = new Integer(accessCount.intValue() + 1);
> }
> // Use setAttribute instead of putValue in version 2.2.
> session.setAttribute("accessCount", accessCount);
> 
> out.println(ServletUtilities.headWithTitle(title) +
> "\n" +
> "" + heading + "\n" +
> "Information on Your Session:\n" +
> "\n" +
> "\n" +
> "  Info TypeValue\n" +
> "\n" +
> "  ID\n" +
> "  " + session.getId() + "\n" +
> "\n" +
> "  Creation Time\n" +
> "  " +
> new Date(session.getCreationTime()) + "\n" +
> "\n" +
> "  Time of Last Access\n" +
> "  " +
> new Date(session.getLastAccessedTime()) + "\n" +
> "\n" +
> "  Number of Previous Accesses\n" +
> "  " + accessCount + "\n" +
> "\n" +
> "");
> 
>   }
> 
>   /** Handle GET and POST requests identically. */
> 
>   public void doPost(HttpServletRequest request,
>  HttpServletResponse response)
>   throws ServletException, IOException {
> doGet(request, response);
>   }
> }
> 
> Could anyone help me ? Is there a thing to configure to accept session
> tracking ?
> 
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
> 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]