Re: encodeRedirectURL URL rewrite not working
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greg, Greg Burrow wrote: I have two web applications in different context, one servlet will forward the request to a servlet in the other application using encodeRedirectURL and sendRedirect. NB that's a redirect, not a forward. The receiving servlet creates a new session and session attributes are lost. Are the two servlets in the same web application? GET /App1/RedirectServlet HTTP/1.1 [snip] GET /App2/LaunchServlet HTTP/1.1 Nope, they aren't. You didn't provide path details on the cookies in question. I suspect the first is tied to /App1 and the second to /App2. You need to use single-sign-in if you want sessions to be available across webapps. The same behavior occurs in Firefox and IE. Cookies are enabled in both browsers and crossContext=true in context.xml. Is this a bug in Tomcat or a problem with my method of redirect? Neither. It's a misunderstanding of the separation of sessions between webapps. Tomcat supports single-sign-in (SSI) which you can read about here: http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html#Single%20Sign%20On%20Valve - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkl6BToACgkQ9CaO5/Lv0PAO+ACZAYPf2r+6NWsMMSo9c0RzYGld XXQAoK4g9Pea/Ajysg5D7AYdfUSTB4Rk =SrHN -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: encodeRedirectURL URL rewrite not working
Hi Greg You may try this on App1: RequestDispatcher rd; rd = context.getContext(/App2).getRequestDispatcher(/LaunchServlet); rd.forward(request, response); Flavio Greg Burrow gregbur...@gmail.com gravou em 20/01/2009 18:44:18: Hello, I have two web applications in different context, one servlet will forward the request to a servlet in the other application using encodeRedirectURL and sendRedirect. The receiving servlet creates a new session and session attributes are lost. Running Tomcat 5.5.17. Here is the flow: GET /App1/RedirectServlet HTTP/1.1 Cookie: JSESSIONID=7AFACD0318419C34938B6410BB9A1937 RedirectServlet response.sendRedirect(response.encodeRedirectURL(/App2/LaunchServlet)); HTTP/1.x 302 Moved Temporarily GET /App2/LaunchServlet HTTP/1.1 (no cookie) HTTP/1.x 200 OK Set-Cookie: JSESSIONID=BE408BFD3480E29DF2A4278BCA3C1FC6; Path=/App2 The same behavior occurs in Firefox and IE. Cookies are enabled in both browsers and crossContext=true in context.xml. Is this a bug in Tomcat or a problem with my method of redirect? Thanks, Greg - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: encodeRedirectURL URL rewrite not working
2009/1/20 Greg Burrow gregbur...@gmail.com: Hello, I have two web applications in different context, one servlet will forward the request to a servlet in the other application using encodeRedirectURL and sendRedirect. The receiving servlet creates a new session and session attributes are lost. Running Tomcat 5.5.17. Here is the flow: GET /App1/RedirectServlet HTTP/1.1 Cookie: JSESSIONID=7AFACD0318419C34938B6410BB9A1937 RedirectServlet response.sendRedirect(response.encodeRedirectURL(/App2/LaunchServlet)); HTTP/1.x 302 Moved Temporarily GET /App2/LaunchServlet HTTP/1.1 (no cookie) HTTP/1.x 200 OK Set-Cookie: JSESSIONID=BE408BFD3480E29DF2A4278BCA3C1FC6; Path=/App2 The same behavior occurs in Firefox and IE. Cookies are enabled in both browsers and crossContext=true in context.xml. Is this a bug in Tomcat or a problem with my method of redirect? I do not understand, what are you expecting? Note, that according to the spec you cannot share a session between different web applications. That is, session ID can be the same, but the session object is different. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: encodeRedirectURL URL rewrite not working
Flavio, Thanks for the response. Once LaunchServlet in App2 is called it will start an applet. The RequestDispatcher.forward() will not change the context to App2 so the applet lookup will occur in App1 and fail. I was able to work around this by hard coding the codebase attribute in the applet to App2. Thanks, Greg On Wed, Jan 21, 2009 at 6:56 AM, Flavio Crispim flavio.cris...@sulamerica.com.br wrote: Hi Greg You may try this on App1: RequestDispatcher rd; rd = context.getContext(/App2).getRequestDispatcher(/LaunchServlet); rd.forward(request, response); Flavio Greg Burrow gregbur...@gmail.com gravou em 20/01/2009 18:44:18: Hello, I have two web applications in different context, one servlet will forward the request to a servlet in the other application using encodeRedirectURL and sendRedirect. The receiving servlet creates a new session and session attributes are lost. Running Tomcat 5.5.17. Here is the flow: GET /App1/RedirectServlet HTTP/1.1 Cookie: JSESSIONID=7AFACD0318419C34938B6410BB9A1937 RedirectServlet response.sendRedirect(response.encodeRedirectURL(/App2/LaunchServlet)); HTTP/1.x 302 Moved Temporarily GET /App2/LaunchServlet HTTP/1.1 (no cookie) HTTP/1.x 200 OK Set-Cookie: JSESSIONID=BE408BFD3480E29DF2A4278BCA3C1FC6; Path=/App2 The same behavior occurs in Firefox and IE. Cookies are enabled in both browsers and crossContext=true in context.xml. Is this a bug in Tomcat or a problem with my method of redirect? Thanks, Greg - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: encodeRedirectURL URL rewrite not working
Konstantin, My expectation was that the same session would be used by App2 after the redirect. The javadoc for HttpServletResponse. encodeRedirectURL looks clear that it should retain the session either by cookies or by URL rewriting. HttpServletResponse.encodeRedirectURL Encodes the specified URL for use in the sendRedirect method or, if encoding is not needed, returns the URL unchanged. The implementation of this method includes the logic to determine whether the session ID needs to be encoded in the URL. Because the rules for making this determination can differ from those used to decide whether to encode a normal link, this method is separated from the encodeURL method. All URLs sent to the HttpServletResponse.sendRedirect method should be run through this method. Otherwise, URL rewriting cannot be used with browsers which do not support cookies. I would expect the encodeRedirectURL to work as follows: 1 - Redirect to the same application context A - Cookies supported - Do not rewrite the URL B - Cookies not supported - Rewrite the URL to include session id 2 - Redirect to a different application context Always rewite the URL to include the session id. Thanks, Greg On Wed, Jan 21, 2009 at 7:55 AM, Konstantin Kolinko knst.koli...@gmail.com wrote: 2009/1/20 Greg Burrow gregbur...@gmail.com: Hello, I have two web applications in different context, one servlet will forward the request to a servlet in the other application using encodeRedirectURL and sendRedirect. The receiving servlet creates a new session and session attributes are lost. Running Tomcat 5.5.17. Here is the flow: GET /App1/RedirectServlet HTTP/1.1 Cookie: JSESSIONID=7AFACD0318419C34938B6410BB9A1937 RedirectServlet response.sendRedirect(response.encodeRedirectURL(/App2/LaunchServlet)); HTTP/1.x 302 Moved Temporarily GET /App2/LaunchServlet HTTP/1.1 (no cookie) HTTP/1.x 200 OK Set-Cookie: JSESSIONID=BE408BFD3480E29DF2A4278BCA3C1FC6; Path=/App2 The same behavior occurs in Firefox and IE. Cookies are enabled in both browsers and crossContext=true in context.xml. Is this a bug in Tomcat or a problem with my method of redirect? I do not understand, what are you expecting? Note, that according to the spec you cannot share a session between different web applications. That is, session ID can be the same, but the session object is different. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: encodeRedirectURL URL rewrite not working
Hi Greg, HttpServletResponse.sendRedirect(String) basically just commands the web browser proceed to another URL. It's like opening another browser window, typing the other URL in the Address bar, then hitting the Enter button. The session object created in the second web application is a new and different session object and does not know anything about the session object from the first web application. Regards, Karl Greg Burrow wrote: Hello, I have two web applications in different context, one servlet will forward the request to a servlet in the other application using encodeRedirectURL and sendRedirect. The receiving servlet creates a new session and session attributes are lost. Running Tomcat 5.5.17. Here is the flow: GET /App1/RedirectServlet HTTP/1.1 Cookie: JSESSIONID=7AFACD0318419C34938B6410BB9A1937 RedirectServlet response.sendRedirect(response.encodeRedirectURL(/App2/LaunchServlet)); HTTP/1.x 302 Moved Temporarily GET /App2/LaunchServlet HTTP/1.1 (no cookie) HTTP/1.x 200 OK Set-Cookie: JSESSIONID=BE408BFD3480E29DF2A4278BCA3C1FC6; Path=/App2 The same behavior occurs in Firefox and IE. Cookies are enabled in both browsers and crossContext=true in context.xml. Is this a bug in Tomcat or a problem with my method of redirect? Thanks, Greg - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: encodeRedirectURL URL rewrite not working
2009/1/21 Greg Burrow gregbur...@gmail.com: My expectation was that the same session would be used by App2 after the redirect. The javadoc for HttpServletResponse. encodeRedirectURL looks clear that it should retain the session either by cookies or by URL rewriting. I do not understand, what are you expecting? Note, that according to the spec you cannot share a session between different web applications. That is, session ID can be the same, but the session object is different. You should read chapter SRV.7.3 of the Servlet specification. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: encodeRedirectURL URL rewrite not working
Konstantin, The Servlet specification does make it clear, thanks for the suggestion. The HttpServletResponse.encodeRedirectURL javadoc on the other hand seems to contradict the specification. I now have a workaround for my application by using RequestDispatcher.forward and setting a new codebase in the jsp:plugin code. Thanks, Greg On Wed, Jan 21, 2009 at 10:37 AM, Konstantin Kolinko knst.koli...@gmail.com wrote: 2009/1/21 Greg Burrow gregbur...@gmail.com: My expectation was that the same session would be used by App2 after the redirect. The javadoc for HttpServletResponse. encodeRedirectURL looks clear that it should retain the session either by cookies or by URL rewriting. I do not understand, what are you expecting? Note, that according to the spec you cannot share a session between different web applications. That is, session ID can be the same, but the session object is different. You should read chapter SRV.7.3 of the Servlet specification. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
encodeRedirectURL URL rewrite not working
Hello, I have two web applications in different context, one servlet will forward the request to a servlet in the other application using encodeRedirectURL and sendRedirect. The receiving servlet creates a new session and session attributes are lost. Running Tomcat 5.5.17. Here is the flow: GET /App1/RedirectServlet HTTP/1.1 Cookie: JSESSIONID=7AFACD0318419C34938B6410BB9A1937 RedirectServlet response.sendRedirect(response.encodeRedirectURL(/App2/LaunchServlet)); HTTP/1.x 302 Moved Temporarily GET /App2/LaunchServlet HTTP/1.1 (no cookie) HTTP/1.x 200 OK Set-Cookie: JSESSIONID=BE408BFD3480E29DF2A4278BCA3C1FC6; Path=/App2 The same behavior occurs in Firefox and IE. Cookies are enabled in both browsers and crossContext=true in context.xml. Is this a bug in Tomcat or a problem with my method of redirect? Thanks, Greg