You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by Kevin Menard <km...@servprise.com> on 2006/06/11 15:03:49 UTC
Remove jsessionid from static resources?
Hi,
I was wondering whether it was possible to prevent the jsessionid from
being added to static resources. For instance, the Shell component may
append one to the stylesheet and the Image component may append one to the
image name. Unfortunately, I just found out our public webapp may have
been broken for a bit of time because of these being appended. We have
apache httpd as a front-end for serving up static resources, but when hit
with something like /images/logo.png;jsessionid=blahblahblahblahblah, it
would say the resource could not be found. If we instead allow the
servlet container to serve up the image, there's no problem, but then
there's issues associated with the servlet container serving up static
media.
If anyone could point me in the right direction on rectifying this, I'd
greatly appreciate it.
Thanks,
Kevin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Remove jsessionid from static resources?
Posted by Jesse Kuhnert <jk...@gmail.com>.
I think Howard mentioned the possibility of doing some portlet work
this/next week so hopefully if we ask nicely we might be able to get him to
look at it as well..
I've been very hesitant to go in and make changes to this particular section
as it seemed to require a lot of background homework investigation to make
sure it was getting the portlet && servlet spec right. (It's not as easy to
make changes to a framework as it is a product I've found ;) )
On 6/14/06, Jeff Lubetkin <je...@zillow.com> wrote:
>
> You can prevent JSESSIONID from being encoded onto URLs for bots. At
> Zillow, we've done this with a ServletFilter that compares the incoming
> user agent to a list of known bots, and if it matches replaces the
> HttpServletResponse with an HttpServletResponseWrapper that makes the
> encodeURL, encodeUrl, encodeRedirectURL, and encodeRedirectUrl methods
> into no-ops (simply returning their inputs).
>
> jeff
>
> -----Original Message-----
> From: andyhot@di.uoa.gr [mailto:andyhot@di.uoa.gr]
> Sent: Wednesday, June 14, 2006 4:08 PM
> To: Tapestry users
> Subject: Re: Remove jsessionid from static resources?
>
> Tapestry has several services.
> Asset and XTile services are marked as stateless.
> All others are marked as stateful.
>
> Now, all urls for links are eventually created by
> org.apache.tapestry.engine.EngineServiceLink
>
> That class receives the stateful flag, but starting from
> a 4.0 beta something version, it ignores it. This means
> that all urls have cycle.encodeURL() called on them.
> That call eventually calls tomcat's or jetty's or whatever
> implementation and results in jsessionid getting appended...
>
> The call to cycle.encodeURL() can of course be made only when
> stateful is true, but this was changed in order to fix some
> portlet api issues...
>
> I'm clearly in favor of changing this back but i need to see
> what happens in portlet mode.
> Could portlet tapestry simply use its own implementation of
> EngineServiceLink?
>
> From Henri Dupre <he...@gmail.com>:
>
> > The jsessionid is actually an important issue for making web sites
> search
> > engine friendly.
> > Currently, when google will suck your website, they will take all the
> > jsessionid.
> > I'd like to be able to get rid of them for all links when the user
> agent
> > contains "bot".
> >
> > Anyway I'm not sure this is a tapestry issue... I read posts on the
> tomcat
> > mailing list and I did not see any solution for preventing the URL
> > rewriting. I somehow have the feel that this is a tomcat limitation...
> >
> >
> > On 6/14/06, Kevin Menard <km...@servprise.com> wrote:
> > >
> > > Jesse,
> > >
> > > Happen to make any progress on this?
> > >
> > > Thanks,
> > > Kevin
> > >
> > > On Mon, 12 Jun 2006 12:08:52 -0400, Jesse Kuhnert
> <jk...@gmail.com>
> > > wrote:
> > >
> > > > Not sure right now but I'm "starring" this conversation in gmail
> and
> > > will
> > > > look it up tonight when I do my "hobby work"...
> > >
> > >
> > >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> > > For additional commands, e-mail: users-help@tapestry.apache.org
> > >
> > >
> >
> >
> > --
> > Thanks,
> >
> > Henri.
> >
>
>
> --
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
--
Jesse Kuhnert
Tacos/Tapestry, team member/developer
Open source based consulting work centered around
dojo/tapestry/tacos/hivemind.
Re: Remove jsessionid from static resources?
Posted by D&J Gredler <dj...@gmail.com>.
Cool, thanks for the info. I'll probably be going the same route. Should our
site get banned, I'll alert the list ;-)
On 6/16/06, Jeff Lubetkin <je...@zillow.com> wrote:
>
> We've noticed no issues, and SEO experts that we've talked to support
> this mechanism. Of course, Google being Google there's no way to know
> for sure what they do or don't like...
>
> jeff
>
> -----Original Message-----
> From: D&J Gredler [mailto:djgredler@gmail.com]
> Sent: Friday, June 16, 2006 4:24 AM
> To: Tapestry users
> Subject: Re: Remove jsessionid from static resources?
>
> Can you get banned from Google for this? I seem to remember they want to
> be
> served exactly the same content that a regular useragent would get.
> Obviously this isn't the kind of stuff they're trying to avoid... Just
> wondering.
>
> On 6/15/06, Jeff Lubetkin <je...@zillow.com> wrote:
> >
> > You can prevent JSESSIONID from being encoded onto URLs for bots. At
> > Zillow, we've done this with a ServletFilter that compares the
> incoming
> > user agent to a list of known bots, and if it matches replaces the
> > HttpServletResponse with an HttpServletResponseWrapper that makes the
> > encodeURL, encodeUrl, encodeRedirectURL, and encodeRedirectUrl methods
> > into no-ops (simply returning their inputs).
> >
> > jeff
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
RE: Remove jsessionid from static resources?
Posted by Jeff Lubetkin <je...@zillow.com>.
It's not a bug. When session is first created, Tomcat can't know if
cookies are supported or not, so it tries both cookies and URL
rewriting. If, on the subsequent request, the session ID comes out of
the cookie, Tomcat will stop rewriting the URLs.
jeff
-----Original Message-----
From: Henri Dupre [mailto:henri.dupre@gmail.com]
Sent: Friday, June 16, 2006 9:19 AM
To: Tapestry users
Subject: Re: Remove jsessionid from static resources?
On 6/16/06, D&J Gredler <dj...@gmail.com> wrote:
>
> Can you get banned from Google for this? I seem to remember they want
to
> be
> served exactly the same content that a regular useragent would get.
> Obviously this isn't the kind of stuff they're trying to avoid... Just
> wondering.
It is actually more somekind of Tomcat bug I believe... Tomcat is
supposed
to send a cookie and then not use the jsessionid but for some reasons,
it
does it anyway.
Thanks,
Henri.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Remove jsessionid from static resources?
Posted by Henri Dupre <he...@gmail.com>.
On 6/16/06, D&J Gredler <dj...@gmail.com> wrote:
>
> Can you get banned from Google for this? I seem to remember they want to
> be
> served exactly the same content that a regular useragent would get.
> Obviously this isn't the kind of stuff they're trying to avoid... Just
> wondering.
It is actually more somekind of Tomcat bug I believe... Tomcat is supposed
to send a cookie and then not use the jsessionid but for some reasons, it
does it anyway.
Thanks,
Henri.
RE: Remove jsessionid from static resources?
Posted by Jeff Lubetkin <je...@zillow.com>.
We've noticed no issues, and SEO experts that we've talked to support
this mechanism. Of course, Google being Google there's no way to know
for sure what they do or don't like...
jeff
-----Original Message-----
From: D&J Gredler [mailto:djgredler@gmail.com]
Sent: Friday, June 16, 2006 4:24 AM
To: Tapestry users
Subject: Re: Remove jsessionid from static resources?
Can you get banned from Google for this? I seem to remember they want to
be
served exactly the same content that a regular useragent would get.
Obviously this isn't the kind of stuff they're trying to avoid... Just
wondering.
On 6/15/06, Jeff Lubetkin <je...@zillow.com> wrote:
>
> You can prevent JSESSIONID from being encoded onto URLs for bots. At
> Zillow, we've done this with a ServletFilter that compares the
incoming
> user agent to a list of known bots, and if it matches replaces the
> HttpServletResponse with an HttpServletResponseWrapper that makes the
> encodeURL, encodeUrl, encodeRedirectURL, and encodeRedirectUrl methods
> into no-ops (simply returning their inputs).
>
> jeff
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Remove jsessionid from static resources?
Posted by D&J Gredler <dj...@gmail.com>.
Can you get banned from Google for this? I seem to remember they want to be
served exactly the same content that a regular useragent would get.
Obviously this isn't the kind of stuff they're trying to avoid... Just
wondering.
On 6/15/06, Jeff Lubetkin <je...@zillow.com> wrote:
>
> You can prevent JSESSIONID from being encoded onto URLs for bots. At
> Zillow, we've done this with a ServletFilter that compares the incoming
> user agent to a list of known bots, and if it matches replaces the
> HttpServletResponse with an HttpServletResponseWrapper that makes the
> encodeURL, encodeUrl, encodeRedirectURL, and encodeRedirectUrl methods
> into no-ops (simply returning their inputs).
>
> jeff
>
RE: Remove jsessionid from static resources?
Posted by Jeff Lubetkin <je...@zillow.com>.
You can prevent JSESSIONID from being encoded onto URLs for bots. At
Zillow, we've done this with a ServletFilter that compares the incoming
user agent to a list of known bots, and if it matches replaces the
HttpServletResponse with an HttpServletResponseWrapper that makes the
encodeURL, encodeUrl, encodeRedirectURL, and encodeRedirectUrl methods
into no-ops (simply returning their inputs).
jeff
-----Original Message-----
From: andyhot@di.uoa.gr [mailto:andyhot@di.uoa.gr]
Sent: Wednesday, June 14, 2006 4:08 PM
To: Tapestry users
Subject: Re: Remove jsessionid from static resources?
Tapestry has several services.
Asset and XTile services are marked as stateless.
All others are marked as stateful.
Now, all urls for links are eventually created by
org.apache.tapestry.engine.EngineServiceLink
That class receives the stateful flag, but starting from
a 4.0 beta something version, it ignores it. This means
that all urls have cycle.encodeURL() called on them.
That call eventually calls tomcat's or jetty's or whatever
implementation and results in jsessionid getting appended...
The call to cycle.encodeURL() can of course be made only when
stateful is true, but this was changed in order to fix some
portlet api issues...
I'm clearly in favor of changing this back but i need to see
what happens in portlet mode.
Could portlet tapestry simply use its own implementation of
EngineServiceLink?
>From Henri Dupre <he...@gmail.com>:
> The jsessionid is actually an important issue for making web sites
search
> engine friendly.
> Currently, when google will suck your website, they will take all the
> jsessionid.
> I'd like to be able to get rid of them for all links when the user
agent
> contains "bot".
>
> Anyway I'm not sure this is a tapestry issue... I read posts on the
tomcat
> mailing list and I did not see any solution for preventing the URL
> rewriting. I somehow have the feel that this is a tomcat limitation...
>
>
> On 6/14/06, Kevin Menard <km...@servprise.com> wrote:
> >
> > Jesse,
> >
> > Happen to make any progress on this?
> >
> > Thanks,
> > Kevin
> >
> > On Mon, 12 Jun 2006 12:08:52 -0400, Jesse Kuhnert
<jk...@gmail.com>
> > wrote:
> >
> > > Not sure right now but I'm "starring" this conversation in gmail
and
> > will
> > > look it up tonight when I do my "hobby work"...
> >
> >
> >
---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> > For additional commands, e-mail: users-help@tapestry.apache.org
> >
> >
>
>
> --
> Thanks,
>
> Henri.
>
--
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Remove jsessionid from static resources?
Posted by an...@di.uoa.gr.
Tapestry has several services.
Asset and XTile services are marked as stateless.
All others are marked as stateful.
Now, all urls for links are eventually created by
org.apache.tapestry.engine.EngineServiceLink
That class receives the stateful flag, but starting from
a 4.0 beta something version, it ignores it. This means
that all urls have cycle.encodeURL() called on them.
That call eventually calls tomcat's or jetty's or whatever
implementation and results in jsessionid getting appended...
The call to cycle.encodeURL() can of course be made only when
stateful is true, but this was changed in order to fix some
portlet api issues...
I'm clearly in favor of changing this back but i need to see
what happens in portlet mode.
Could portlet tapestry simply use its own implementation of
EngineServiceLink?
>From Henri Dupre <he...@gmail.com>:
> The jsessionid is actually an important issue for making web sites search
> engine friendly.
> Currently, when google will suck your website, they will take all the
> jsessionid.
> I'd like to be able to get rid of them for all links when the user agent
> contains "bot".
>
> Anyway I'm not sure this is a tapestry issue... I read posts on the tomcat
> mailing list and I did not see any solution for preventing the URL
> rewriting. I somehow have the feel that this is a tomcat limitation...
>
>
> On 6/14/06, Kevin Menard <km...@servprise.com> wrote:
> >
> > Jesse,
> >
> > Happen to make any progress on this?
> >
> > Thanks,
> > Kevin
> >
> > On Mon, 12 Jun 2006 12:08:52 -0400, Jesse Kuhnert <jk...@gmail.com>
> > wrote:
> >
> > > Not sure right now but I'm "starring" this conversation in gmail and
> > will
> > > look it up tonight when I do my "hobby work"...
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> > For additional commands, e-mail: users-help@tapestry.apache.org
> >
> >
>
>
> --
> Thanks,
>
> Henri.
>
--
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Remove jsessionid from static resources?
Posted by Henri Dupre <he...@gmail.com>.
The jsessionid is actually an important issue for making web sites search
engine friendly.
Currently, when google will suck your website, they will take all the
jsessionid.
I'd like to be able to get rid of them for all links when the user agent
contains "bot".
Anyway I'm not sure this is a tapestry issue... I read posts on the tomcat
mailing list and I did not see any solution for preventing the URL
rewriting. I somehow have the feel that this is a tomcat limitation...
On 6/14/06, Kevin Menard <km...@servprise.com> wrote:
>
> Jesse,
>
> Happen to make any progress on this?
>
> Thanks,
> Kevin
>
> On Mon, 12 Jun 2006 12:08:52 -0400, Jesse Kuhnert <jk...@gmail.com>
> wrote:
>
> > Not sure right now but I'm "starring" this conversation in gmail and
> will
> > look it up tonight when I do my "hobby work"...
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
--
Thanks,
Henri.
Re: Remove jsessionid from static resources?
Posted by Kevin Menard <km...@servprise.com>.
Jesse,
Happen to make any progress on this?
Thanks,
Kevin
On Mon, 12 Jun 2006 12:08:52 -0400, Jesse Kuhnert <jk...@gmail.com>
wrote:
> Not sure right now but I'm "starring" this conversation in gmail and will
> look it up tonight when I do my "hobby work"...
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Remove jsessionid from static resources?
Posted by Kevin Menard <km...@servprise.com>.
On Mon, 12 Jun 2006 12:08:52 -0400, Jesse Kuhnert <jk...@gmail.com>
wrote:
> Not sure right now but I'm "starring" this conversation in gmail and will
> look it up tonight when I do my "hobby work"...
Thanks, I appreciate it. Hopefully this will help you out with your 4.1
work as well.
--
Kevin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Remove jsessionid from static resources?
Posted by Jesse Kuhnert <jk...@gmail.com>.
Not sure right now but I'm "starring" this conversation in gmail and will
look it up tonight when I do my "hobby work"...
On 6/12/06, Kevin Menard <km...@servprise.com> wrote:
>
> Thanks for the info, Jesse. Unfortunately, it doesn't seem that the
> AssetService actually appends the jsessionid. I suspect overriding the
> ContextAssetFactory may get me what I want, but when I try to contribute
> my own implementation, HiveMind tells me there are two services registered
> with the "context" prefix and bombs out. Any other suggestions?
>
> Thanks,
> Kevin
>
> On Sun, 11 Jun 2006 11:26:04 -0400, Jesse Kuhnert <jk...@gmail.com>
> wrote:
>
> > You could override the AssetService implementation being run in hivemind
> > to
> > get the desired results. There is an open JIRA issue for this that is
> > set to
> > be resolved in the upcoming 4.1 release.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
--
Jesse Kuhnert
Tacos/Tapestry, team member/developer
Open source based consulting work centered around
dojo/tapestry/tacos/hivemind.
Re: Remove jsessionid from static resources?
Posted by Kevin Menard <km...@servprise.com>.
Thanks for the info, Jesse. Unfortunately, it doesn't seem that the
AssetService actually appends the jsessionid. I suspect overriding the
ContextAssetFactory may get me what I want, but when I try to contribute
my own implementation, HiveMind tells me there are two services registered
with the "context" prefix and bombs out. Any other suggestions?
Thanks,
Kevin
On Sun, 11 Jun 2006 11:26:04 -0400, Jesse Kuhnert <jk...@gmail.com>
wrote:
> You could override the AssetService implementation being run in hivemind
> to
> get the desired results. There is an open JIRA issue for this that is
> set to
> be resolved in the upcoming 4.1 release.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Remove jsessionid from static resources?
Posted by Jesse Kuhnert <jk...@gmail.com>.
You could override the AssetService implementation being run in hivemind to
get the desired results. There is an open JIRA issue for this that is set to
be resolved in the upcoming 4.1 release.
On 6/11/06, Kevin Menard <km...@servprise.com> wrote:
>
> Hi,
>
> I was wondering whether it was possible to prevent the jsessionid from
> being added to static resources. For instance, the Shell component may
> append one to the stylesheet and the Image component may append one to the
> image name. Unfortunately, I just found out our public webapp may have
> been broken for a bit of time because of these being appended. We have
> apache httpd as a front-end for serving up static resources, but when hit
> with something like /images/logo.png;jsessionid=blahblahblahblahblah, it
> would say the resource could not be found. If we instead allow the
> servlet container to serve up the image, there's no problem, but then
> there's issues associated with the servlet container serving up static
> media.
>
> If anyone could point me in the right direction on rectifying this, I'd
> greatly appreciate it.
>
> Thanks,
> Kevin
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
--
Jesse Kuhnert
Tacos/Tapestry, team member/developer
Open source based consulting work centered around
dojo/tapestry/tacos/hivemind.