Re: non-cookie session tracking?
I have a huge tree of static html. Does this mean that anytime I serve a page, I would have to first parse all the URLs and run them each through the encodeURL method for every link that appears on every page? Is there another (more automatic) way? The performance hit seems prohibitive. theo Konrad Kamiñski wrote: Use response.encodeURL (url) for URL encoding with session tracking -Original Message- From: Daniel A. Theobald [mailto:[EMAIL PROTECTED]] Sent: Monday, November 13, 2000 4:20 PM To: [EMAIL PROTECTED] Subject: non-cookie session tracking? Does or will tomcat support automatic url rewriting for session tracking? Our client does not allow the use of cookies. Any suggestions? theo
RE: non-cookie session tracking?
That's the problem with not using cookies. Since (in most cases) you will be using tomcat in conjunction with some other web server (tomcats limited web server is not sufficient for heavy use), the web server will directly serve your static pages - tomcat will never see them. If you need to track a session across a link to static pages, then you need to make those pages dynamic and turn on URL rewriting in your dynamic code. Also, note that automatic rewriting is not a good idea in general. How does tomcat know which URLs to rewrite, and which ones not to? For instance, if your static pages refer to http://www.slashdot.org you probably don't want any rewrite to occur there. You may need to look at using an invisible (or very small) frame to enclose the static page requests inside of a small JSP/servlet to maintain your state. While I haven't thought it through completely, you may be able to use some tricky URL magic (like mod_rewrite I thnk on apache) to make your static links autmagically come through your JSP wrapper, which maintains the app state. WOuld probably be easier if all your static pages use relative links. Hmmm Hope this helps, Paul -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, November 13, 2000 11:47 AM To: [EMAIL PROTECTED] Subject: Re: non-cookie session tracking? I have a huge tree of static html. Does this mean that anytime I serve a page, I would have to first parse all the URLs and run them each through the encodeURL method for every link that appears on every page? Is there another (more automatic) way? The performance hit seems prohibitive. theo Konrad Kamiñski wrote: Use response.encodeURL (url) for URL encoding with session tracking -Original Message- From: Daniel A. Theobald [mailto:[EMAIL PROTECTED]] Sent: Monday, November 13, 2000 4:20 PM To: [EMAIL PROTECTED] Subject: non-cookie session tracking? Does or will tomcat support automatic url rewriting for session tracking? Our client does not allow the use of cookies. Any suggestions? theo
RE: non-cookie session tracking?
Title: RE: non-cookie session tracking? Another option, assuming you know ahead of time which URLs on a page should have the session ID propagated, would be to use Javascript to grab the session ID off of the current page's URL, add it to the new page's URL, and then ask for the new page. For example, each URL on your static HTML page can be changed as follows: (old) a href=myPage.htmlGo to myPage/a (new) a href=javascript:addSessionID('myPage.html')Go to myPage/a The addSessionID() function can grab the sessionID value from the current URL, append it to the page name passed into the function, and then set location to the new URL. Jay -Original Message- From: CPC Livelink Admin [mailto:[EMAIL PROTECTED]] Sent: Monday, November 13, 2000 11:04 AM To: [EMAIL PROTECTED] Subject: RE: non-cookie session tracking? That's the problem with not using cookies. Since (in most cases) you will be using tomcat in conjunction with some other web server (tomcats limited web server is not sufficient for heavy use), the web server will directly serve your static pages - tomcat will never see them. If you need to track a session across a link to static pages, then you need to make those pages dynamic and turn on URL rewriting in your dynamic code. Also, note that automatic rewriting is not a good idea in general. How does tomcat know which URLs to rewrite, and which ones not to? For instance, if your static pages refer to http://www.slashdot.org you probably don't want any rewrite to occur there. You may need to look at using an invisible (or very small) frame to enclose the static page requests inside of a small JSP/servlet to maintain your state. While I haven't thought it through completely, you may be able to use some tricky URL magic (like mod_rewrite I thnk on apache) to make your static links autmagically come through your JSP wrapper, which maintains the app state. WOuld probably be easier if all your static pages use relative links. Hmmm Hope this helps, Paul -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, November 13, 2000 11:47 AM To: [EMAIL PROTECTED] Subject: Re: non-cookie session tracking? I have a huge tree of static html. Does this mean that anytime I serve a page, I would have to first parse all the URLs and run them each through the encodeURL method for every link that appears on every page? Is there another (more automatic) way? The performance hit seems prohibitive. theo Konrad Kamiñski wrote: Use response.encodeURL (url) for URL encoding with session tracking -Original Message- From: Daniel A. Theobald [mailto:[EMAIL PROTECTED]] Sent: Monday, November 13, 2000 4:20 PM To: [EMAIL PROTECTED] Subject: non-cookie session tracking? Does or will tomcat support automatic url rewriting for session tracking? Our client does not allow the use of cookies. Any suggestions? theo
Re: non-cookie session tracking?
This approach sounds promising, with much less of a performance hit than doing it dynamically on the server side. Has anyone actually tried this approach before? The way the site works right now, any page that leaves the site is brought up in a separate window anyway. So by the same token we could have any url that needs to maintain session use the addSessionID approach. This project has many restrictions: No cookies, No frames, Applets only when explicitly authorized. All which ultimately hurt performance. One question I have is if every single page in the entire site is generated from our main.jsp page, does it do any good to integrate with Apache? My understanding is that Apache would only serve the static pages requested directly. Is that correct? theo "Burgess, Jay" wrote: Another option, assuming you know ahead of time which URLs on a page should have the session ID propagated, would be to use Javascript to grab the session ID off of the current page's URL, add it to the new page's URL, and then ask for the new page. For example, each URL on your static HTML page can be changed as follows: (old) a href="myPage.html"Go to myPage/a (new) a href="javascript:addSessionID('myPage.html')"Go to myPage/a The addSessionID() function can grab the sessionID value from the current URL, append it to the page name passed into the function, and then set "location" to the new URL. Jay
RE: non-cookie session tracking?
Title: RE: non-cookie session tracking? Well, for the first one, they don't have a session yet - so the JavaScript just needs to be smart enough to behave when it's not there. As sson as they hit a dynamic page, they will get a session, and then the 'static' pages can use it. -Original Message-From: Burgess, Jay [mailto:[EMAIL PROTECTED]]Sent: Monday, November 13, 2000 02:18 PMTo: '[EMAIL PROTECTED]'Subject: RE: non-cookie session tracking? While our servlets use cookies for session handling, we use this technique all the time with parameters other than session ID. I thought it might be applicable to your problem. However, now I'm wondering about the "bootstrap" case i.e. how do you get the session ID onto the URL for the very FIRST page? Maybe there's more to this than my original email implied. Jay -Original Message- From: Daniel A. Theobald [mailto:[EMAIL PROTECTED]] Sent: Monday, November 13, 2000 12:14 PM To: [EMAIL PROTECTED] Subject: Re: non-cookie session tracking? This approach sounds promising, with much less of a performance hit than doing it dynamically on the server side. Has anyone actually tried this approach before? The way the site works right now, any page that leaves the site is brought up in a separate window anyway. So by the same token we could have any url that needs to maintain session use the addSessionID approach. This project has many restrictions: No cookies, No frames, Applets only when explicitly authorized. All which ultimately hurt performance. One question I have is if every single page in the entire site is generated from our main.jsp page, does it do any good to integrate with Apache? My understanding is that Apache would only serve the static pages requested directly. Is that correct? theo "Burgess, Jay" wrote: Another option, assuming you know ahead of time which URLs on a page should have the session ID propagated, would be to use Javascript to grab the session ID off of the current page's URL, add it to the new page's URL, and then ask for the new page. For example, each URL on your static HTML page can be changed as follows: (old) a href="myPage.html"Go to myPage/a (new) a href="javascript:addSessionID('myPage.html')"Go to myPage/a The addSessionID() function can grab the sessionID value from the current URL, append it to the page name passed into the function, and then set "location" to the new URL. Jay