You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Raiden <ra...@wonko.inow.com> on 2002/12/03 07:13:47 UTC
Is there a solution to: jsessionid is ignored in a meta refresh?
Hello,
As is seen by searching the list archive, this problem has come up quite a
bit, but there doesn't seem to be an agreed upon solution.
The problem occurs in the following html code:
<meta http-equiv="Refresh"
content="0;URL=https://www.myserver.com/login/index.jsp;jsessionid=3E9F55499DCAE154870AD0FAE5B30C20?source=test">
The ;jsessionid is ignored by the browser. So, it appears that you cannot
maintain session through URL rewriting (cookies are off), if you use a
meta refresh.
One solution that I've seen is to replace the ; with a ?, so the browser
will accept and process the entire URL... and then intercept the browser's
request before it gets back to the tomcat instance, and change the ? back
to a ; (since I'm using Apache... I'd use mod_rewrite)
Are there any problems with this solution? Would a browser ever reject it
for having two ? 's? (one for the ;jsessionid and one for the normal
query string)
This seems like a pretty rough solution. Does anyone have any better
ideas?
Thanks,
Raiden
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Is there a solution to: jsessionid is ignored in a meta refresh?
Posted by Bill Barker <wb...@wilshire.com>.
I've since changed my app that I used for the suggestion to not use
meta-refresh. When it was working for me, I was using mod_jk 1.1.0 (the one
that ships with Tomcat 3.3.x), with:
JkOptions ForwardURICompat
The reason for this is that at the time I was only using TC 3.3. This will
send to Tomcat the URL with the ';' already decoded. At least with mod_jk
1.x, it shouldn't make that much of a difference, since the the mapping
logic should use the decoded URL to do the mapping (and, if I'm wrong, it's
a bug).
"Raiden" <ra...@wonko.inow.com> wrote in message
news:Pine.LNX.4.44.0212031533100.15606-100000@wonko.inow.com...
> Just to give everyone some information.... I tried Bill's idea to change
> the ; to a %3b on a different computer (has a newer Redhat o/s, same
> version of tomcat, a slightly older version of Apache, and possibly a
> slightly different version of mod_jk), and it worked fine... both when
> including additional path to a page, and when not.
>
> So, it appears that the error I was getting below on the first machine was
> due to a potentially buggy version/configuration in one of the above
> mentioned software packages... and I have not yet isolated which. But,
> it does at least work correctly one one of my machines, which means the
> other machines should also work with this method.... once I find out what
> is configured incorrectly.
>
> Thanks Bill!
>
> -Raiden
>
>
>
> On Tue, 3 Dec 2002, Raiden wrote:
>
> > Hello,
> >
> > This ALMOST seems to work. I can't tell if I'm having a problem with
> > Apache, or it's a problem with Tomcat.
> >
> > ## It works for a URL like:
> > #http://www.myserver.com/%3bjsessionid=BC2DC8F1FACFD95501ED6A2A0BC9F5E2
> > #
> >
> > ## But, it doesn't seem to work for a URL like:
> >
#http://www.myserver.com/login/index.jsp%3bjsessionid=BC2DC8F1FACFD95501ED6A
2A0BC9F5E2
> > #
> >
> > The addition of the "login/index.jsp" results in the following error:
> >
> > HTTP Status 404 -
> > /login/index.jsp%3bjsessionid=BC2DC8F1FACFD95501ED6A2A0BC9F5E2
> >
>
> --------------------------------------------------------------------------
----
> >
> > type Status report
> >
> > message /login/index.jsp%3bjsessionid=BC2DC8F1FACFD95501ED6A2A0BC9F5E2
> >
> > description The requested resource
> > (/login/index.jsp%3bjsessionid=BC2DC8F1FACFD95501ED6A2A0BC9F5E2) is
not
> > available.
> >
> >
>
> --------------------------------------------------------------------------
------
> >
> > Apache Tomcat/4.1.12
> >
> >
> > It looks like the %3b was translated for (or by?) Tomcat when there was
> > no speific page given. Any ideas?
> >
> > Thanks,
> > Raiden
> >
> >
> >
> > On Mon, 2 Dec 2002, Bill Barker wrote:
> >
> > > Try encoding the ';' as follows:
> > >
> > > <%
> > > String refresh =
> > > response.encodeURL("https://www.myserver.com/login/index.jsp");
> > > int jssid = refresh.indexOf(";jsessionid");
> > > if(jssid > 0) {
> > > refresh = refesh.substring(0, jssid) + "%3b" +
> > > refresh.substring(jssid+1);
> > > }
> > > %>
> > > <META http-equiv="refresh" CONTENT="0; URL=<%= refresh %>">
> > >
> > > "Raiden" <ra...@wonko.inow.com> wrote in message
> > > news:Pine.LNX.4.44.0212022205490.8723-100000@wonko.inow.com...
> > > > Hello,
> > > >
> > > > As is seen by searching the list archive, this problem has come up
quite a
> > > > bit, but there doesn't seem to be an agreed upon solution.
> > > >
> > > > The problem occurs in the following html code:
> > > >
> > > > <meta http-equiv="Refresh"
> > > >
> > >
content="0;URL=https://www.myserver.com/login/index.jsp;jsessionid=3E9F55499
> > > DCAE154870AD0FAE5B30C20?source=test">
> > > >
> > > > The ;jsessionid is ignored by the browser. So, it appears that you
cannot
> > > > maintain session through URL rewriting (cookies are off), if you use
a
> > > > meta refresh.
> > > >
> > > > One solution that I've seen is to replace the ; with a ?, so the
browser
> > > > will accept and process the entire URL... and then intercept the
browser's
> > > > request before it gets back to the tomcat instance, and change the ?
back
> > > > to a ; (since I'm using Apache... I'd use mod_rewrite)
> > > >
> > > > Are there any problems with this solution? Would a browser ever
reject it
> > > > for having two ? 's? (one for the ;jsessionid and one for the
normal
> > > > query string)
> > > >
> > > > This seems like a pretty rough solution. Does anyone have any
better
> > > > ideas?
> > > >
> > > > Thanks,
> > > > Raiden
> > >
> > >
> > >
> > >
> > >
> > > --
> > > To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> > > For additional commands, e-mail:
<ma...@jakarta.apache.org>
> > >
> >
> >
> > --
> > To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> > For additional commands, e-mail:
<ma...@jakarta.apache.org>
> >
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Is there a solution to: jsessionid is ignored in a meta refresh?
Posted by Raiden <ra...@wonko.inow.com>.
Just to give everyone some information.... I tried Bill's idea to change
the ; to a %3b on a different computer (has a newer Redhat o/s, same
version of tomcat, a slightly older version of Apache, and possibly a
slightly different version of mod_jk), and it worked fine... both when
including additional path to a page, and when not.
So, it appears that the error I was getting below on the first machine was
due to a potentially buggy version/configuration in one of the above
mentioned software packages... and I have not yet isolated which. But,
it does at least work correctly one one of my machines, which means the
other machines should also work with this method.... once I find out what
is configured incorrectly.
Thanks Bill!
-Raiden
On Tue, 3 Dec 2002, Raiden wrote:
> Hello,
>
> This ALMOST seems to work. I can't tell if I'm having a problem with
> Apache, or it's a problem with Tomcat.
>
> ## It works for a URL like:
> #http://www.myserver.com/%3bjsessionid=BC2DC8F1FACFD95501ED6A2A0BC9F5E2
> #
>
> ## But, it doesn't seem to work for a URL like:
> #http://www.myserver.com/login/index.jsp%3bjsessionid=BC2DC8F1FACFD95501ED6A2A0BC9F5E2
> #
>
> The addition of the "login/index.jsp" results in the following error:
>
> HTTP Status 404 -
> /login/index.jsp%3bjsessionid=BC2DC8F1FACFD95501ED6A2A0BC9F5E2
>
> ------------------------------------------------------------------------------
>
> type Status report
>
> message /login/index.jsp%3bjsessionid=BC2DC8F1FACFD95501ED6A2A0BC9F5E2
>
> description The requested resource
> (/login/index.jsp%3bjsessionid=BC2DC8F1FACFD95501ED6A2A0BC9F5E2) is not
> available.
>
>
> --------------------------------------------------------------------------------
>
> Apache Tomcat/4.1.12
>
>
> It looks like the %3b was translated for (or by?) Tomcat when there was
> no speific page given. Any ideas?
>
> Thanks,
> Raiden
>
>
>
> On Mon, 2 Dec 2002, Bill Barker wrote:
>
> > Try encoding the ';' as follows:
> >
> > <%
> > String refresh =
> > response.encodeURL("https://www.myserver.com/login/index.jsp");
> > int jssid = refresh.indexOf(";jsessionid");
> > if(jssid > 0) {
> > refresh = refesh.substring(0, jssid) + "%3b" +
> > refresh.substring(jssid+1);
> > }
> > %>
> > <META http-equiv="refresh" CONTENT="0; URL=<%= refresh %>">
> >
> > "Raiden" <ra...@wonko.inow.com> wrote in message
> > news:Pine.LNX.4.44.0212022205490.8723-100000@wonko.inow.com...
> > > Hello,
> > >
> > > As is seen by searching the list archive, this problem has come up quite a
> > > bit, but there doesn't seem to be an agreed upon solution.
> > >
> > > The problem occurs in the following html code:
> > >
> > > <meta http-equiv="Refresh"
> > >
> > content="0;URL=https://www.myserver.com/login/index.jsp;jsessionid=3E9F55499
> > DCAE154870AD0FAE5B30C20?source=test">
> > >
> > > The ;jsessionid is ignored by the browser. So, it appears that you cannot
> > > maintain session through URL rewriting (cookies are off), if you use a
> > > meta refresh.
> > >
> > > One solution that I've seen is to replace the ; with a ?, so the browser
> > > will accept and process the entire URL... and then intercept the browser's
> > > request before it gets back to the tomcat instance, and change the ? back
> > > to a ; (since I'm using Apache... I'd use mod_rewrite)
> > >
> > > Are there any problems with this solution? Would a browser ever reject it
> > > for having two ? 's? (one for the ;jsessionid and one for the normal
> > > query string)
> > >
> > > This seems like a pretty rough solution. Does anyone have any better
> > > ideas?
> > >
> > > Thanks,
> > > Raiden
> >
> >
> >
> >
> >
> > --
> > To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> > For additional commands, e-mail: <ma...@jakarta.apache.org>
> >
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Is there a solution to: jsessionid is ignored in a meta refresh?
Posted by Raiden <ra...@wonko.inow.com>.
Hello,
This ALMOST seems to work. I can't tell if I'm having a problem with
Apache, or it's a problem with Tomcat.
## It works for a URL like:
#http://www.myserver.com/%3bjsessionid=BC2DC8F1FACFD95501ED6A2A0BC9F5E2
#
## But, it doesn't seem to work for a URL like:
#http://www.myserver.com/login/index.jsp%3bjsessionid=BC2DC8F1FACFD95501ED6A2A0BC9F5E2
#
The addition of the "login/index.jsp" results in the following error:
HTTP Status 404 -
/login/index.jsp%3bjsessionid=BC2DC8F1FACFD95501ED6A2A0BC9F5E2
------------------------------------------------------------------------------
type Status report
message /login/index.jsp%3bjsessionid=BC2DC8F1FACFD95501ED6A2A0BC9F5E2
description The requested resource
(/login/index.jsp%3bjsessionid=BC2DC8F1FACFD95501ED6A2A0BC9F5E2) is not
available.
--------------------------------------------------------------------------------
Apache Tomcat/4.1.12
It looks like the %3b was translated for (or by?) Tomcat when there was
no speific page given. Any ideas?
Thanks,
Raiden
On Mon, 2 Dec 2002, Bill Barker wrote:
> Try encoding the ';' as follows:
>
> <%
> String refresh =
> response.encodeURL("https://www.myserver.com/login/index.jsp");
> int jssid = refresh.indexOf(";jsessionid");
> if(jssid > 0) {
> refresh = refesh.substring(0, jssid) + "%3b" +
> refresh.substring(jssid+1);
> }
> %>
> <META http-equiv="refresh" CONTENT="0; URL=<%= refresh %>">
>
> "Raiden" <ra...@wonko.inow.com> wrote in message
> news:Pine.LNX.4.44.0212022205490.8723-100000@wonko.inow.com...
> > Hello,
> >
> > As is seen by searching the list archive, this problem has come up quite a
> > bit, but there doesn't seem to be an agreed upon solution.
> >
> > The problem occurs in the following html code:
> >
> > <meta http-equiv="Refresh"
> >
> content="0;URL=https://www.myserver.com/login/index.jsp;jsessionid=3E9F55499
> DCAE154870AD0FAE5B30C20?source=test">
> >
> > The ;jsessionid is ignored by the browser. So, it appears that you cannot
> > maintain session through URL rewriting (cookies are off), if you use a
> > meta refresh.
> >
> > One solution that I've seen is to replace the ; with a ?, so the browser
> > will accept and process the entire URL... and then intercept the browser's
> > request before it gets back to the tomcat instance, and change the ? back
> > to a ; (since I'm using Apache... I'd use mod_rewrite)
> >
> > Are there any problems with this solution? Would a browser ever reject it
> > for having two ? 's? (one for the ;jsessionid and one for the normal
> > query string)
> >
> > This seems like a pretty rough solution. Does anyone have any better
> > ideas?
> >
> > Thanks,
> > Raiden
>
>
>
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Is there a solution to: jsessionid is ignored in a meta refresh?
Posted by Raiden <ra...@wonko.inow.com>.
Hello,
Thanks for the reply. This will still require a rewrite, correct? I
tried the code, and the browser sends back %3b in the subsequent
request... which tomcat does not decode. So, using your example below,
I'll still need to have apache rewrite the %3b to a ; before tomcat gets
the request?
Thanks,
Raiden
On Mon, 2 Dec 2002, Bill Barker wrote:
> Try encoding the ';' as follows:
>
> <%
> String refresh =
> response.encodeURL("https://www.myserver.com/login/index.jsp");
> int jssid = refresh.indexOf(";jsessionid");
> if(jssid > 0) {
> refresh = refesh.substring(0, jssid) + "%3b" +
> refresh.substring(jssid+1);
> }
> %>
> <META http-equiv="refresh" CONTENT="0; URL=<%= refresh %>">
>
> "Raiden" <ra...@wonko.inow.com> wrote in message
> news:Pine.LNX.4.44.0212022205490.8723-100000@wonko.inow.com...
> > Hello,
> >
> > As is seen by searching the list archive, this problem has come up quite a
> > bit, but there doesn't seem to be an agreed upon solution.
> >
> > The problem occurs in the following html code:
> >
> > <meta http-equiv="Refresh"
> >
> content="0;URL=https://www.myserver.com/login/index.jsp;jsessionid=3E9F55499
> DCAE154870AD0FAE5B30C20?source=test">
> >
> > The ;jsessionid is ignored by the browser. So, it appears that you cannot
> > maintain session through URL rewriting (cookies are off), if you use a
> > meta refresh.
> >
> > One solution that I've seen is to replace the ; with a ?, so the browser
> > will accept and process the entire URL... and then intercept the browser's
> > request before it gets back to the tomcat instance, and change the ? back
> > to a ; (since I'm using Apache... I'd use mod_rewrite)
> >
> > Are there any problems with this solution? Would a browser ever reject it
> > for having two ? 's? (one for the ;jsessionid and one for the normal
> > query string)
> >
> > This seems like a pretty rough solution. Does anyone have any better
> > ideas?
> >
> > Thanks,
> > Raiden
>
>
>
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Is there a solution to: jsessionid is ignored in a meta refresh?
Posted by Bill Barker <wb...@wilshire.com>.
Try encoding the ';' as follows:
<%
String refresh =
response.encodeURL("https://www.myserver.com/login/index.jsp");
int jssid = refresh.indexOf(";jsessionid");
if(jssid > 0) {
refresh = refesh.substring(0, jssid) + "%3b" +
refresh.substring(jssid+1);
}
%>
<META http-equiv="refresh" CONTENT="0; URL=<%= refresh %>">
"Raiden" <ra...@wonko.inow.com> wrote in message
news:Pine.LNX.4.44.0212022205490.8723-100000@wonko.inow.com...
> Hello,
>
> As is seen by searching the list archive, this problem has come up quite a
> bit, but there doesn't seem to be an agreed upon solution.
>
> The problem occurs in the following html code:
>
> <meta http-equiv="Refresh"
>
content="0;URL=https://www.myserver.com/login/index.jsp;jsessionid=3E9F55499
DCAE154870AD0FAE5B30C20?source=test">
>
> The ;jsessionid is ignored by the browser. So, it appears that you cannot
> maintain session through URL rewriting (cookies are off), if you use a
> meta refresh.
>
> One solution that I've seen is to replace the ; with a ?, so the browser
> will accept and process the entire URL... and then intercept the browser's
> request before it gets back to the tomcat instance, and change the ? back
> to a ; (since I'm using Apache... I'd use mod_rewrite)
>
> Are there any problems with this solution? Would a browser ever reject it
> for having two ? 's? (one for the ;jsessionid and one for the normal
> query string)
>
> This seems like a pretty rough solution. Does anyone have any better
> ideas?
>
> Thanks,
> Raiden
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>