You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by David White <wh...@home.com> on 2001/07/04 20:10:22 UTC

URL Re-writing?

I am new to struts/jsp/etc.

I understand that the struts framework can automatically handle session
management via URL re-writing if the user's browser does not permit
cookies to be used.

The funny thing is that sometimes, my browser shows a jsessionid value
in the address box and other times it does not. I would expect that I
would ONLY see this value if my browser had cookie support disabled and
that all other times, I would see nothing as cookie support is enabled
and URL re-writing is not required.

What I actually see is that sometimes I do not see the value displayed
and other times I will see it. Even when cookies are enabled, I may
still see this value.

I am puzzled. Any help is appreciated.

Thanks,

David
Seattle

Re: URL Re-writing?

Posted by Kief Morris <ki...@bitbull.com>.

David White typed the following on 11:10 AM 7/4/2001 -0700
>What I actually see is that sometimes I do not see the value displayed
>and other times I will see it. Even when cookies are enabled, I may
>still see this value.

On the first request to a web application, your browser will not have a
cookie to send to the server. The server has no way of knowing whether
your browser is accepting  cookies, so URL's are rewritten in addition
to sending the cookie. On subsequent requests the server gets the
cookie so knows it doesn't need to rewrite the URLs.

Kief

Re: URL Re-writing?

Posted by "Craig R. McClanahan" <cr...@apache.org>.

On Wed, 4 Jul 2001, David White wrote:

> I am new to struts/jsp/etc.
> 
> I understand that the struts framework can automatically handle session
> management via URL re-writing if the user's browser does not permit
> cookies to be used.
> 
> The funny thing is that sometimes, my browser shows a jsessionid value
> in the address box and other times it does not. I would expect that I
> would ONLY see this value if my browser had cookie support disabled and
> that all other times, I would see nothing as cookie support is enabled
> and URL re-writing is not required.
> 
> What I actually see is that sometimes I do not see the value displayed
> and other times I will see it. Even when cookies are enabled, I may
> still see this value.
> 
> I am puzzled. Any help is appreciated.
> 

The first time that you make a request that is part of a session, the
servlet container has no clue about whether or not the client supports
cookies.  Therefore, it sends the session ID *both* ways (as a cookie and
as an encoded URL).  Then, when the next request comes in, the container
can look at whether the cookie is present and say either:

- "Aha, this client supports cookies.  Therefore I don't need to
  encode URLs any more -- we'll just use cookies."

- "Aha', this client doesn't support cookies.  Therefore, I will continue
  to use URL rewriting."

The key issue is that the container has no idea which scenario will occur
until the *second* request.  Therefore, the only rational strategy is to
send the session identifier both ways the first time, and see which one
comes back.

> Thanks,
> 
> David
> Seattle
> 

Craig McClanahan