You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by Daniel Leffel <da...@gmail.com> on 2008/03/05 07:05:54 UTC
T5, SEO & and Stripping JSession Id effects
Hi,
We're in the process of developing a webapp using T5. The site leverages
session persistence on many pages, including a number of pages important for
the natural search content. It seems to us that levering a filter to strip
the jessionid from non-cookie enabled user agents would be an effective way
to keep jsessionids from popping up in the url. Other than insuring all
pages gracefully handle sessions which are effectively stateless (from
non-cookied enabled user agents), are there any other concerns we should be
thinking about?
Danny
Re: T5, SEO & and Stripping JSession Id effects
Posted by Daniel Leffel <da...@gmail.com>.
This is great. Thanks.
On Wed, Mar 5, 2008 at 9:57 AM, Josh Canfield <jo...@thedailytube.com> wrote:
> If you can avoid creating the session in the first place I think that
> would be the best thing to do. The google-able portion of my site
> <plug>www.thedailytube.com</plug> only uses the session for the search
> form. To avoid creating the session for the form I created a new
> persistent field strategy that only creates a session if the value
> being stored is non-null. Then, I extended the Tapestry Form component
> to hold onto the validator in a non-persisted field unless there are
> errors to maintain...
>
> Here is some code that you can use if you like:
>
> ****** NonNullSessionPersistentFieldStrategy.java, essentially a dupe
> of the SessionPersistentFieldStrategy with null check logic ****
>
> package com.thedailytube.ui.tapestry.services;
>
> import org.apache.tapestry.internal.services.PersistentFieldChangeImpl;
> import static
> org.apache.tapestry.ioc.internal.util.CollectionFactory.newList;
> import static org.apache.tapestry.ioc.internal.util.Defense.notBlank;
> import org.apache.tapestry.services.PersistentFieldChange;
> import org.apache.tapestry.services.PersistentFieldStrategy;
> import org.apache.tapestry.services.Request;
> import org.apache.tapestry.services.Session;
>
> import java.util.Collection;
> import java.util.Collections;
> import java.util.List;
>
> /**
> * Created by IntelliJ IDEA.
> * User: joshcanfield
> * Date: Oct 26, 2007
> */
> public class NonNullSessionPersistentFieldStrategy implements
> PersistentFieldStrategy {
> /**
> * Prefix used to identify keys stored in the session.
> */
> static final String PREFIX = "nonnull:";
>
> private final Request _request;
>
> protected NonNullSessionPersistentFieldStrategy(Request request) {
> _request = request;
> }
>
> public final Collection<PersistentFieldChange>
> gatherFieldChanges(String pageName) {
> Session session = _request.getSession(false);
>
> if (session == null) return Collections.emptyList();
>
> List<PersistentFieldChange> result = newList();
>
> String fullPrefix = PREFIX + pageName + ":";
>
> for (String name : session.getAttributeNames(fullPrefix)) {
> PersistentFieldChange change = buildChange(name, session.getAttribute
> (name));
>
> result.add(change);
> }
>
> return result;
> }
>
> private PersistentFieldChange buildChange(String name, Object attribute)
> {
> // TODO: Regexp is probably too expensive for what we need here.
> Maybe an IOC InternalUtils
> // method for this purpose?
>
> String[] chunks = name.split(":");
>
> // Will be empty string for the root component
> String componentId = chunks[2];
> String fieldName = chunks[3];
>
> return new PersistentFieldChangeImpl(componentId, fieldName, attribute);
> }
>
> public final void postChange(String pageName, String componentId,
> String fieldName, Object newValue) {
> notBlank(pageName, "pageName");
> notBlank(fieldName, "fieldName");
> StringBuilder builder = new StringBuilder(PREFIX);
> builder.append(pageName);
> builder.append(':');
>
> if (componentId != null) builder.append(componentId);
>
> builder.append(':');
> builder.append(fieldName);
> // because we don't want to create a session when the object is null
> Session session = _request.getSession(newValue != null);
> if (session != null) {
> session.setAttribute(builder.toString(), newValue);
> }
> }
>
> }
>
> ********************
> *** Form.java ****
> ********************
>
> package com.thedailytube.ui.tapestry.components;
>
> import org.apache.tapestry.ValidationTracker;
> import org.apache.tapestry.ValidationTrackerImpl;
> import org.apache.tapestry.annotations.Persist;
>
> /**
> * Overrides the core {@link
> org.apache.tapestry.corelib.components.Form} in order to store the
> validation tracker only
> * when there is something to track.
> * <p/>
> * Created by IntelliJ IDEA.
> * User: joshcanfield
> * Date: Oct 26, 2007
> */
> public class Form extends org.apache.tapestry.corelib.components.Form {
> @Persist("nonnull")
> private ValidationTracker _tracker;
>
> private ValidationTracker _nonPersistedTracker;
>
> public ValidationTracker getDefaultTracker() {
> if (_nonPersistedTracker == null) {
> if (_tracker != null) {
> // _tracker is loaded via injection magic when it's in the session
> _nonPersistedTracker = _tracker;
> } else {
> _nonPersistedTracker = new ValidationTrackerImpl();
> }
> }
> return _nonPersistedTracker;
> }
>
> public void setDefaultTracker(ValidationTracker defaultTracker) {
> _nonPersistedTracker = defaultTracker;
> }
>
>
> protected void onAction() {
> if (_nonPersistedTracker.getHasErrors()) {
> _tracker = _nonPersistedTracker;
> } else {
> _tracker = null;
> }
> }
>
> }
>
> Josh
>
>
> On Tue, Mar 4, 2008 at 10:05 PM, Daniel Leffel <da...@gmail.com>
> wrote:
> > Hi,
> > We're in the process of developing a webapp using T5. The site leverages
> > session persistence on many pages, including a number of pages important
> for
> > the natural search content. It seems to us that levering a filter to
> strip
> > the jessionid from non-cookie enabled user agents would be an effective
> way
> > to keep jsessionids from popping up in the url. Other than insuring all
> > pages gracefully handle sessions which are effectively stateless (from
> > non-cookied enabled user agents), are there any other concerns we should
> be
> > thinking about?
> >
> > Danny
> >
>
>
>
> --
> --
> TheDailyTube.com. Sign up and get the best new videos on the internet
> delivered fresh to your inbox.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
Re: T5, SEO & and Stripping JSession Id effects
Posted by Josh Canfield <jo...@thedailytube.com>.
If you can avoid creating the session in the first place I think that
would be the best thing to do. The google-able portion of my site
<plug>www.thedailytube.com</plug> only uses the session for the search
form. To avoid creating the session for the form I created a new
persistent field strategy that only creates a session if the value
being stored is non-null. Then, I extended the Tapestry Form component
to hold onto the validator in a non-persisted field unless there are
errors to maintain...
Here is some code that you can use if you like:
****** NonNullSessionPersistentFieldStrategy.java, essentially a dupe
of the SessionPersistentFieldStrategy with null check logic ****
package com.thedailytube.ui.tapestry.services;
import org.apache.tapestry.internal.services.PersistentFieldChangeImpl;
import static org.apache.tapestry.ioc.internal.util.CollectionFactory.newList;
import static org.apache.tapestry.ioc.internal.util.Defense.notBlank;
import org.apache.tapestry.services.PersistentFieldChange;
import org.apache.tapestry.services.PersistentFieldStrategy;
import org.apache.tapestry.services.Request;
import org.apache.tapestry.services.Session;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
/**
* Created by IntelliJ IDEA.
* User: joshcanfield
* Date: Oct 26, 2007
*/
public class NonNullSessionPersistentFieldStrategy implements
PersistentFieldStrategy {
/**
* Prefix used to identify keys stored in the session.
*/
static final String PREFIX = "nonnull:";
private final Request _request;
protected NonNullSessionPersistentFieldStrategy(Request request) {
_request = request;
}
public final Collection<PersistentFieldChange>
gatherFieldChanges(String pageName) {
Session session = _request.getSession(false);
if (session == null) return Collections.emptyList();
List<PersistentFieldChange> result = newList();
String fullPrefix = PREFIX + pageName + ":";
for (String name : session.getAttributeNames(fullPrefix)) {
PersistentFieldChange change = buildChange(name, session.getAttribute(name));
result.add(change);
}
return result;
}
private PersistentFieldChange buildChange(String name, Object attribute) {
// TODO: Regexp is probably too expensive for what we need here.
Maybe an IOC InternalUtils
// method for this purpose?
String[] chunks = name.split(":");
// Will be empty string for the root component
String componentId = chunks[2];
String fieldName = chunks[3];
return new PersistentFieldChangeImpl(componentId, fieldName, attribute);
}
public final void postChange(String pageName, String componentId,
String fieldName, Object newValue) {
notBlank(pageName, "pageName");
notBlank(fieldName, "fieldName");
StringBuilder builder = new StringBuilder(PREFIX);
builder.append(pageName);
builder.append(':');
if (componentId != null) builder.append(componentId);
builder.append(':');
builder.append(fieldName);
// because we don't want to create a session when the object is null
Session session = _request.getSession(newValue != null);
if (session != null) {
session.setAttribute(builder.toString(), newValue);
}
}
}
********************
*** Form.java ****
********************
package com.thedailytube.ui.tapestry.components;
import org.apache.tapestry.ValidationTracker;
import org.apache.tapestry.ValidationTrackerImpl;
import org.apache.tapestry.annotations.Persist;
/**
* Overrides the core {@link
org.apache.tapestry.corelib.components.Form} in order to store the
validation tracker only
* when there is something to track.
* <p/>
* Created by IntelliJ IDEA.
* User: joshcanfield
* Date: Oct 26, 2007
*/
public class Form extends org.apache.tapestry.corelib.components.Form {
@Persist("nonnull")
private ValidationTracker _tracker;
private ValidationTracker _nonPersistedTracker;
public ValidationTracker getDefaultTracker() {
if (_nonPersistedTracker == null) {
if (_tracker != null) {
// _tracker is loaded via injection magic when it's in the session
_nonPersistedTracker = _tracker;
} else {
_nonPersistedTracker = new ValidationTrackerImpl();
}
}
return _nonPersistedTracker;
}
public void setDefaultTracker(ValidationTracker defaultTracker) {
_nonPersistedTracker = defaultTracker;
}
protected void onAction() {
if (_nonPersistedTracker.getHasErrors()) {
_tracker = _nonPersistedTracker;
} else {
_tracker = null;
}
}
}
Josh
On Tue, Mar 4, 2008 at 10:05 PM, Daniel Leffel <da...@gmail.com> wrote:
> Hi,
> We're in the process of developing a webapp using T5. The site leverages
> session persistence on many pages, including a number of pages important for
> the natural search content. It seems to us that levering a filter to strip
> the jessionid from non-cookie enabled user agents would be an effective way
> to keep jsessionids from popping up in the url. Other than insuring all
> pages gracefully handle sessions which are effectively stateless (from
> non-cookied enabled user agents), are there any other concerns we should be
> thinking about?
>
> Danny
>
--
--
TheDailyTube.com. Sign up and get the best new videos on the internet
delivered fresh to your inbox.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5, SEO & and Stripping JSession Id effects
Posted by Daniel Leffel <da...@gmail.com>.
As someone who does a lot of SEO work, I'd be a big fan of that - although
clearly it'd be best to make sure the documentation spells that out (so that
a novice understands the associated trade-offs).
I'd venture to guess that there are a lot of T5 users who spend time trying
to do things (as Josh suggested) to prevent the need for sessions to be
created. However, I for one have found myself in the boat on more than one
occasion of having to spend a bit of time trying to find out why sessions
were being created only to find that a couple of nested components deep,
someone had placed a persist annotation without understanding the full
implications.
On Wed, Mar 5, 2008 at 1:46 PM, Howard Lewis Ship <hl...@gmail.com> wrote:
> Tapestry could add an option to NOT encode the session id into URLs,
> with the caveat that clients with cookies disabled would see degraded
> or non-functional behavior. Anyway, it's one of the advantages of
> having all URLs generated through a single piece of code.
>
> On Wed, Mar 5, 2008 at 11:42 AM, Filip S. Adamsen <fs...@fsadev.com> wrote:
> > Hi,
> >
> > I've been running a production application with a servlet filter that
> > strips the jsessionid for a couple of weeks now and everything's been
> > fine so far.
> >
> > -Filip
> >
> > Daniel Leffel skrev:
> >
> >
> > > Hi,
> > > We're in the process of developing a webapp using T5. The site
> leverages
> > > session persistence on many pages, including a number of pages
> important for
> > > the natural search content. It seems to us that levering a filter to
> strip
> > > the jessionid from non-cookie enabled user agents would be an
> effective way
> > > to keep jsessionids from popping up in the url. Other than insuring
> all
> > > pages gracefully handle sessions which are effectively stateless
> (from
> > > non-cookied enabled user agents), are there any other concerns we
> should be
> > > thinking about?
> > >
> > > Danny
> > >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> > For additional commands, e-mail: users-help@tapestry.apache.org
> >
> >
>
>
>
> --
> Howard M. Lewis Ship
>
> Creator Apache Tapestry and Apache HiveMind
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
Re: T5, SEO & and Stripping JSession Id effects
Posted by Massimo Lusetti <ml...@gmail.com>.
On Fri, Oct 10, 2008 at 3:41 PM, Andreas Andreou <an...@gmail.com> wrote:
> just add a filter like the one described at:
> http://randomcoder.com/articles/jsessionid-considered-harmful
A ServletFilter can do it but a T5 RequestFilter or Dispatcher can do
it too without have you to deal with Servlet spec.
--
Massimo
http://meridio.blogspot.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5, SEO & and Stripping JSession Id effects
Posted by Andreas Andreou <an...@gmail.com>.
just add a filter like the one described at:
http://randomcoder.com/articles/jsessionid-considered-harmful
On Fri, Oct 10, 2008 at 2:35 PM, Angelo Chen <an...@yahoo.com.hk> wrote:
>
> Hi Howard,
>
> Is this option already implemented? I need to strip the session id in the
> URLs.
>
>
> Howard Lewis Ship wrote:
>>
>> Tapestry could add an option to NOT encode the session id into URLs,
>> with the caveat that clients with cookies disabled would see degraded
>> or non-functional behavior. Anyway, it's one of the advantages of
>> having all URLs generated through a single piece of code.
>>
>> On Wed, Mar 5, 2008 at 11:42 AM, Filip S. Adamsen <fs...@fsadev.com> wrote:
>>> Hi,
>>>
>>> I've been running a production application with a servlet filter that
>>> strips the jsessionid for a couple of weeks now and everything's been
>>> fine so far.
>>>
>>> -Filip
>>>
>>> Daniel Leffel skrev:
>>>
>>>
>>> > Hi,
>>> > We're in the process of developing a webapp using T5. The site
>>> leverages
>>> > session persistence on many pages, including a number of pages
>>> important for
>>> > the natural search content. It seems to us that levering a filter to
>>> strip
>>> > the jessionid from non-cookie enabled user agents would be an
>>> effective way
>>> > to keep jsessionids from popping up in the url. Other than insuring
>>> all
>>> > pages gracefully handle sessions which are effectively stateless (from
>>> > non-cookied enabled user agents), are there any other concerns we
>>> should be
>>> > thinking about?
>>> >
>>> > Danny
>>> >
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>
>>>
>>
>>
>>
>> --
>> Howard M. Lewis Ship
>>
>> Creator Apache Tapestry and Apache HiveMind
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
>>
>
> --
> View this message in context: http://www.nabble.com/T5%2C-SEO---and-Stripping-JSession-Id-effects-tp15843860p19916616.html
> Sent from the Tapestry - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
--
Andreas Andreou - andyhot@apache.org - http://blog.andyhot.gr
Tapestry / Tacos developer
Open Source / JEE Consulting
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5, SEO & and Stripping JSession Id effects
Posted by Angelo Chen <an...@yahoo.com.hk>.
Hi Howard,
Is this option already implemented? I need to strip the session id in the
URLs.
Howard Lewis Ship wrote:
>
> Tapestry could add an option to NOT encode the session id into URLs,
> with the caveat that clients with cookies disabled would see degraded
> or non-functional behavior. Anyway, it's one of the advantages of
> having all URLs generated through a single piece of code.
>
> On Wed, Mar 5, 2008 at 11:42 AM, Filip S. Adamsen <fs...@fsadev.com> wrote:
>> Hi,
>>
>> I've been running a production application with a servlet filter that
>> strips the jsessionid for a couple of weeks now and everything's been
>> fine so far.
>>
>> -Filip
>>
>> Daniel Leffel skrev:
>>
>>
>> > Hi,
>> > We're in the process of developing a webapp using T5. The site
>> leverages
>> > session persistence on many pages, including a number of pages
>> important for
>> > the natural search content. It seems to us that levering a filter to
>> strip
>> > the jessionid from non-cookie enabled user agents would be an
>> effective way
>> > to keep jsessionids from popping up in the url. Other than insuring
>> all
>> > pages gracefully handle sessions which are effectively stateless (from
>> > non-cookied enabled user agents), are there any other concerns we
>> should be
>> > thinking about?
>> >
>> > Danny
>> >
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
>
>
>
> --
> Howard M. Lewis Ship
>
> Creator Apache Tapestry and Apache HiveMind
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/T5%2C-SEO---and-Stripping-JSession-Id-effects-tp15843860p19916616.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5, SEO & and Stripping JSession Id effects
Posted by Howard Lewis Ship <hl...@gmail.com>.
Tapestry could add an option to NOT encode the session id into URLs,
with the caveat that clients with cookies disabled would see degraded
or non-functional behavior. Anyway, it's one of the advantages of
having all URLs generated through a single piece of code.
On Wed, Mar 5, 2008 at 11:42 AM, Filip S. Adamsen <fs...@fsadev.com> wrote:
> Hi,
>
> I've been running a production application with a servlet filter that
> strips the jsessionid for a couple of weeks now and everything's been
> fine so far.
>
> -Filip
>
> Daniel Leffel skrev:
>
>
> > Hi,
> > We're in the process of developing a webapp using T5. The site leverages
> > session persistence on many pages, including a number of pages important for
> > the natural search content. It seems to us that levering a filter to strip
> > the jessionid from non-cookie enabled user agents would be an effective way
> > to keep jsessionids from popping up in the url. Other than insuring all
> > pages gracefully handle sessions which are effectively stateless (from
> > non-cookied enabled user agents), are there any other concerns we should be
> > thinking about?
> >
> > Danny
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
--
Howard M. Lewis Ship
Creator Apache Tapestry and Apache HiveMind
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5, SEO & and Stripping JSession Id effects
Posted by "Filip S. Adamsen" <fs...@fsadev.com>.
Hi,
I've been running a production application with a servlet filter that
strips the jsessionid for a couple of weeks now and everything's been
fine so far.
-Filip
Daniel Leffel skrev:
> Hi,
> We're in the process of developing a webapp using T5. The site leverages
> session persistence on many pages, including a number of pages important for
> the natural search content. It seems to us that levering a filter to strip
> the jessionid from non-cookie enabled user agents would be an effective way
> to keep jsessionids from popping up in the url. Other than insuring all
> pages gracefully handle sessions which are effectively stateless (from
> non-cookied enabled user agents), are there any other concerns we should be
> thinking about?
>
> Danny
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org