Joseph,
what servlet engine are you using ? Many of them provide ways to override
the default for session creation.
We had this same problem with JServ, as it try to send a cookie to set a
session, turning to the other mechanism if the cookie was not accepted.
As far as I know, there is no mean to force the browser to use URL -
rewriting , a session being a "server concept" .
Our solution for the Apache - JServ configuration was to introduce a new
property in the zone property file that enables or disables cookies for
session management : obviously enough, when cookies are disabled you have
to use URL - rewriting to set a session. The default mode is the original
one.
In the following you can find the patched lines from our version of
JServServletManager.java, hoping you can find it useful (I could as well
send the patch but the list server refuse messages longer than 300 lines)
I'll be on vacation for two weeks, so please excuse me in advance if I
won't immediately reply to other messages.
Antonio.
.
.
.
package org.apache.jserv;
.
.
.
.
// PATCH
/**
* default : true
*/
boolean sessionUseCookies;
.
.
.
public synchronized void init(JServSendError errorHandler) {
// Get the configurations from confFile
try {
confs = new Configurations(new
ExtendedProperties(confFile.getAbsolutePath()));
} catch (IOException e) {
JServ.fail("Could not read servlet zone configuration file", e);
}
this.initTimeout = confs.getLong("init.timeout", 7000);
this.destroyTimeout = confs.getLong("destroy.timeout", 7000);
this.sessionTimeout = confs.getLong("session.timeout", 1800000);
this.newSessionTimeout = confs.getLong("session.newtimeout",
1800000);
this.sessionCheckFrequency = confs.getLong("session.checkFrequency",
5000);
// PATCH START
this.sessionUseCookies = confs.getBoolean("session.useCookies",
true);
// PATCH END
this.checkFile = confs.getBoolean("autoreload.file", true);
.
.
.
.
.
public synchronized JServSession createSession(HttpServletResponse
response, String route) {
JServSession s = new JServSession(getIdentifier(route), this);
sessions.put(s.id, s);
// PATCH START
if (this.sessionUseCookies) {
// PATCH END
Cookie c = new Cookie(SESSION_IDENTIFIER, s.id);
// Removed to avoid BUG #2593 even if changing the behavior from
// virtual hosts to servlet zones already solved that problem.
// I don't know if a domain is ever needed in a cookie and if
// it is possible to set that domain using the servlet zone
instead of
// virtual hosts (that we don't know since multiple hosts may
share
// the same servlet zone)
//c.setDomain(name);
c.setPath("/");
response.addCookie(c);
} // PATCH
if (!JServ.TURBO && JServ.log.active)
JServ.log.log(CH_SERVLET_MANAGER, "Created session: " + s.id);
return s;
}
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
