You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Gemes Tibor <ge...@regens.hu> on 2002/09/26 10:49:55 UTC
Re: Disabling jsessionid parameter in Struts forms
2002. szeptember 26. 11:42 dátummal Ori Tend ezt írtad:
> When using the <html:form> tag, and whenever the session is cookie
> disabled, Struts automatically puts a "jsessionid=..." in the URL string
> for cookie-disabled session tracking.
> I dont want have the "jsessionid=..." in the URL, but I do want to keep
> using the Struts taglib.
> Does anyone know how to diable the "jsessionid=..." in the URL ?
Enable cookies in your browser. If you don't have the jsesisonid appended AND
cookies enbled, you have to authorize yourself for each request and I guess
this isn't what you want.
Tib
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Disabling jsessionid parameter in Struts forms
Posted by Gemes Tibor <ge...@regens.hu>.
2002. szeptember 26. 11:59 dátummal Ori Tend ezt írtad:
> Thanks for the reply!
> I'm not sure I understand.. if I use in my JSP the standard <form> tag I
> dont get this jsessionid parameter when browsing to the page. Is there a
> way to use struts' <html:form> tag and not get this jsessionid?
If you use FORM based auth and disable cookies and don't use the EncodeURL()
you have to reauthenticate yourself for every request.
I can see the jsessionid appended only on the first page after the login page
if I have cookies enabled.
> I suspect that the jsessionid is added to the url by calling EncodeURL() at
> the struts taglib.
> I know that this may introduce problems to cookie-disabled visitors, but I
> don't want the jsessionid to appear.
Create a filter which processes the output and cut off from "jsessionid" to
the first ";" in each page for each occurence of "jsessionid".
If you insist.
Why does it bother you?
Tib
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Disabling jsessionid parameter in Struts forms
Posted by "Craig R. McClanahan" <cr...@apache.org>.
On Thu, 26 Sep 2002, Andrew Hill wrote:
> Date: Thu, 26 Sep 2002 17:11:41 +0800
> From: Andrew Hill <an...@gridnode.com>
> Reply-To: Struts Users Mailing List <st...@jakarta.apache.org>,
> andrew.david.hill@gridnode.com
> To: Struts Users Mailing List <st...@jakarta.apache.org>
> Subject: RE: Disabling jsessionid parameter in Struts forms
>
> You are correct about encodeURL() - this is when the sessionId is appended.
> The sessionId is part of the servlet API session tracking mechanism , and as
> you have noticed is appended to the URL when not using cookies. (When using
> cookies it is instead stored in a cookie).
> If you do not include the sessionId , you will not be able to make much use
> of session scope in your website (as each request will get a new session).
> If you dont need to use session scope to keep track of anything, this
> probably won't be a problem (I think - unless struts itself needs it for
> certain things?).
> As for actually disabling the appending of sessionId I am afraid I have no
> idea how you might achieve it with regards to the struts tags.
>
The "jsessionid" path parameter is indeed added by the call that Struts
automatically makes to response.encodeURL() when setting up URLs for you.
Without this automatic feature, you'd have to call encodeURL() yourself in
order to ensure that your application works when your client does not have
cookies enabled.
So, why does this get generated when my client *does* have cookies? The
reason is that, on the first response for a particular session, the server
has no way to know if you have cookies enabled or not, so the session ID
is sent *both* ways (via URL rewriting and as a cookie). If the session
ID comes back in as a cookie, the server will understand that it no longer
needs to rewrite from the second response on.
There is no configuration parameter to turn this off, and there won't be.
The important principle you should get used to is that the actual contents
of the request URL is pretty meaningless in a web application based on
Model 2 design patterns. You're far better training yourself (and your
users) to ignore the URL completely rather than obsessing over the
detailed contents.
For stubborn users, I've occasionally resorted to running the app in a
frameset with a single frame, just so the location bar URL doesn't change
on every request ...
Craig McClanahan
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Disabling jsessionid parameter in Struts forms
Posted by Andrew Hill <an...@gridnode.com>.
You are correct about encodeURL() - this is when the sessionId is appended.
The sessionId is part of the servlet API session tracking mechanism , and as
you have noticed is appended to the URL when not using cookies. (When using
cookies it is instead stored in a cookie).
If you do not include the sessionId , you will not be able to make much use
of session scope in your website (as each request will get a new session).
If you dont need to use session scope to keep track of anything, this
probably won't be a problem (I think - unless struts itself needs it for
certain things?).
As for actually disabling the appending of sessionId I am afraid I have no
idea how you might achieve it with regards to the struts tags.
-----Original Message-----
From: Ori Tend [mailto:ot@fetchbook.info]
Sent: Thursday, September 26, 2002 17:59
To: 'Struts Users Mailing List'
Subject: RE: Disabling jsessionid parameter in Struts forms
Thanks for the reply!
I'm not sure I understand.. if I use in my JSP the standard <form> tag I
dont get this jsessionid parameter when browsing to the page. Is there a way
to use struts' <html:form> tag and not get this jsessionid?
I suspect that the jsessionid is added to the url by calling EncodeURL() at
the struts taglib.
I know that this may introduce problems to cookie-disabled visitors, but I
don't want the jsessionid to appear.
Thanks!
-----Original Message-----
From: Gemes Tibor [mailto:gemes@regens.hu]
Sent: Thursday, September 26, 2002 10:50 AM
To: Struts Users Mailing List
Subject: Re: Disabling jsessionid parameter in Struts forms
2002. szeptember 26. 11:42 dátummal Ori Tend ezt írtad:
> When using the <html:form> tag, and whenever the session is cookie
> disabled, Struts automatically puts a "jsessionid=..." in the URL string
> for cookie-disabled session tracking.
> I dont want have the "jsessionid=..." in the URL, but I do want to keep
> using the Struts taglib.
> Does anyone know how to diable the "jsessionid=..." in the URL ?
Enable cookies in your browser. If you don't have the jsesisonid appended
AND
cookies enbled, you have to authorize yourself for each request and I guess
this isn't what you want.
Tib
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Disabling jsessionid parameter in Struts forms
Posted by Ori Tend <ot...@fetchbook.info>.
Thanks for the reply!
I'm not sure I understand.. if I use in my JSP the standard <form> tag I
dont get this jsessionid parameter when browsing to the page. Is there a way
to use struts' <html:form> tag and not get this jsessionid?
I suspect that the jsessionid is added to the url by calling EncodeURL() at
the struts taglib.
I know that this may introduce problems to cookie-disabled visitors, but I
don't want the jsessionid to appear.
Thanks!
-----Original Message-----
From: Gemes Tibor [mailto:gemes@regens.hu]
Sent: Thursday, September 26, 2002 10:50 AM
To: Struts Users Mailing List
Subject: Re: Disabling jsessionid parameter in Struts forms
2002. szeptember 26. 11:42 dátummal Ori Tend ezt írtad:
> When using the <html:form> tag, and whenever the session is cookie
> disabled, Struts automatically puts a "jsessionid=..." in the URL string
> for cookie-disabled session tracking.
> I dont want have the "jsessionid=..." in the URL, but I do want to keep
> using the Struts taglib.
> Does anyone know how to diable the "jsessionid=..." in the URL ?
Enable cookies in your browser. If you don't have the jsesisonid appended
AND
cookies enbled, you have to authorize yourself for each request and I guess
this isn't what you want.
Tib
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>