Re: non-cookie session tracking?
I have a huge tree of static html. Does this mean that anytime I serve a page, I would have to first parse all the URLs and run them each through the encodeURL method for every link that appears on every page? Is there another (more automatic) way? The performance hit seems prohibitive. theo Konrad Kamiñski wrote: Use response.encodeURL (url) for URL encoding with session tracking -Original Message- From: Daniel A. Theobald [mailto:[EMAIL PROTECTED]] Sent: Monday, November 13, 2000 4:20 PM To: [EMAIL PROTECTED] Subject: non-cookie session tracking? Does or will tomcat support automatic url rewriting for session tracking? Our client does not allow the use of cookies. Any suggestions? theo
RE: non-cookie session tracking?
That's the problem with not using cookies. Since (in most cases) you will be using tomcat in conjunction with some other web server (tomcats limited web server is not sufficient for heavy use), the web server will directly serve your static pages - tomcat will never see them. If you need to track a session across a link to static pages, then you need to make those pages dynamic and turn on URL rewriting in your dynamic code. Also, note that automatic rewriting is not a good idea in general. How does tomcat know which URLs to rewrite, and which ones not to? For instance, if your static pages refer to http://www.slashdot.org you probably don't want any rewrite to occur there. You may need to look at using an invisible (or very small) frame to enclose the static page requests inside of a small JSP/servlet to maintain your state. While I haven't thought it through completely, you may be able to use some tricky URL magic (like mod_rewrite I thnk on apache) to make your static links autmagically come through your JSP wrapper, which maintains the app state. WOuld probably be easier if all your static pages use relative links. Hmmm Hope this helps, Paul -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, November 13, 2000 11:47 AM To: [EMAIL PROTECTED] Subject: Re: non-cookie session tracking? I have a huge tree of static html. Does this mean that anytime I serve a page, I would have to first parse all the URLs and run them each through the encodeURL method for every link that appears on every page? Is there another (more automatic) way? The performance hit seems prohibitive. theo Konrad Kamiñski wrote: Use response.encodeURL (url) for URL encoding with session tracking -Original Message- From: Daniel A. Theobald [mailto:[EMAIL PROTECTED]] Sent: Monday, November 13, 2000 4:20 PM To: [EMAIL PROTECTED] Subject: non-cookie session tracking? Does or will tomcat support automatic url rewriting for session tracking? Our client does not allow the use of cookies. Any suggestions? theo
RE: non-cookie session tracking?
Title: RE: non-cookie session tracking?
Another option, assuming you know ahead of time which URLs on a page should have the session ID propagated, would be to use Javascript to grab the session ID off of the current page's URL, add it to the new page's URL, and then ask for the new page.
For example, each URL on your static HTML page can be changed as follows:
(old)
a href=myPage.htmlGo to myPage/a
(new)
a href=javascript:addSessionID('myPage.html')Go to myPage/a
The addSessionID() function can grab the sessionID value from the current URL, append it to the page name passed into the function, and then set location to the new URL.
Jay
-Original Message-
From: CPC Livelink Admin [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 13, 2000 11:04 AM
To: [EMAIL PROTECTED]
Subject: RE: non-cookie session tracking?
That's the problem with not using cookies. Since (in most cases) you will
be using tomcat in conjunction with some other web server (tomcats limited
web server is not sufficient for heavy use), the web server will directly
serve your static pages - tomcat will never see them. If you need to track a
session across a link to static pages, then you need to make those pages
dynamic and turn on URL rewriting in your dynamic code.
Also, note that automatic rewriting is not a good idea in general. How does
tomcat know which URLs to rewrite, and which ones not to? For instance, if
your static pages refer to http://www.slashdot.org you probably don't want
any rewrite to occur there.
You may need to look at using an invisible (or very small) frame to enclose
the static page requests inside of a small JSP/servlet to maintain your
state. While I haven't thought it through completely, you may be able to
use some tricky URL magic (like mod_rewrite I thnk on apache) to make your
static links autmagically come through your JSP wrapper, which maintains the
app state. WOuld probably be easier if all your static pages use relative
links. Hmmm
Hope this helps,
Paul
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 13, 2000 11:47 AM
To: [EMAIL PROTECTED]
Subject: Re: non-cookie session tracking?
I have a huge tree of static html. Does this mean that anytime I serve
a page, I would have to first parse all the URLs and run them each
through the encodeURL method for every link that appears on every page?
Is there another (more automatic) way? The performance hit seems
prohibitive.
theo
Konrad Kamiñski wrote:
Use response.encodeURL (url) for URL encoding with session tracking
-Original Message-
From: Daniel A. Theobald [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 13, 2000 4:20 PM
To: [EMAIL PROTECTED]
Subject: non-cookie session tracking?
Does or will tomcat support automatic url rewriting for session
tracking? Our client does not allow the use of cookies. Any
suggestions?
theo
Re: non-cookie session tracking?
This approach sounds promising, with much less of a performance hit than
doing it dynamically on the server side. Has anyone actually tried this
approach before?
The way the site works right now, any page that leaves the site is
brought up in a separate window anyway. So by the same token we could
have any url that needs to maintain session use the addSessionID
approach.
This project has many restrictions:
No cookies,
No frames,
Applets only when explicitly authorized.
All which ultimately hurt performance. One question I have is if every
single page in the entire site is generated from our main.jsp page, does
it do any good to integrate with Apache? My understanding is that
Apache would only serve the static pages requested directly. Is that
correct?
theo
"Burgess, Jay" wrote:
Another option, assuming you know ahead of time which URLs on a page
should have the session ID propagated, would be to use Javascript to
grab the session ID off of the current page's URL, add it to the new
page's URL, and then ask for the new page.
For example, each URL on your static HTML page can be changed as
follows:
(old)
a href="myPage.html"Go to myPage/a
(new)
a href="javascript:addSessionID('myPage.html')"Go to myPage/a
The addSessionID() function can grab the sessionID value from the
current URL, append it to the page name passed into the function, and
then set "location" to the new URL.
Jay
RE: non-cookie session tracking?
Title: RE: non-cookie session tracking?
Well,
for the first one, they don't have a session yet - so the JavaScript just needs
to be smart enough to behave when it's not there. As sson as they hit a
dynamic page, they will get a session, and then the 'static' pages can use
it.
-Original Message-From: Burgess, Jay
[mailto:[EMAIL PROTECTED]]Sent: Monday, November 13, 2000 02:18
PMTo: '[EMAIL PROTECTED]'Subject: RE:
non-cookie session tracking?
While our servlets use cookies for session handling, we use
this technique all the time with parameters other than session ID. I
thought it might be applicable to your problem.
However, now I'm wondering about the "bootstrap" case i.e. how
do you get the session ID onto the URL for the very FIRST page? Maybe
there's more to this than my original email implied.
Jay
-Original Message- From:
Daniel A. Theobald [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 13, 2000 12:14 PM To: [EMAIL PROTECTED] Subject: Re:
non-cookie session tracking?
This approach sounds promising, with much less of a
performance hit than doing it dynamically on the
server side. Has anyone actually tried this approach before?
The way the site works right now, any page that leaves the
site is brought up in a separate window anyway.
So by the same token we could have any url that needs
to maintain session use the addSessionID approach.
This project has many restrictions: No
cookies, No frames, Applets
only when explicitly authorized.
All which ultimately hurt performance. One question I
have is if every single page in the entire site is
generated from our main.jsp page, does it do any good
to integrate with Apache? My understanding is that Apache would only serve the static pages requested directly. Is
that correct?
theo
"Burgess, Jay" wrote:
Another option, assuming you know ahead of time
which URLs on a page should have the session ID
propagated, would be to use Javascript to grab
the session ID off of the current page's URL, add it to the new
page's URL, and then ask for the new page.
For example, each URL on
your static HTML page can be changed as
follows:
(old) a href="myPage.html"Go to
myPage/a
(new) a
href="javascript:addSessionID('myPage.html')"Go to myPage/a
The addSessionID() function
can grab the sessionID value from the current
URL, append it to the page name passed into the function, and then set "location" to the new URL.
Jay
