You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Michael <to...@meinsenf.at> on 2002/03/28 11:16:59 UTC
session from URL/Cookie
Hi!
(tomcat 3.3.1)
*** please help! ***
my question (short version;-):
client supports cookies and makes a request with session-encoded URL:
request: http://myserver/testservlet;jsessionid=12121212
isRequestedSessionIdFromURL() is false
isRequestedSessionIdFromCookie() is true
and
getRequestURI() won't show the encoded sessionid!!!
so how to find out, that the URL is encoded???
question (long version):
If a client request comes with no session (or an invalid session) I do:
session = request.getSession(true); //create session
result.sendRedirect(result.encodeRedirectURL(request.getRequestURI())); //redirect to the same page, so the next request comes with valid session
- tomcat can't know, whether my browser supports cookies the time it creates the session or not
- so it encodes the sessionid into the URL
- after the redirect, I can check, if the client's browser supports cookies (isRequestedSessionIdFromURL() /Cookie()) - this works in any case, because the URL is encoded!!!
my problem:
- now I would like to make another redirect, if the browser supports cookies (so the sessionid won't be visible in the URL again) or leave the session id in the encoded URL (if it doesn't support cookies)
BUT how to check, if the sessionid is encoded into the URL, when the browser supports cookies???
isRequestedSessionIdFromURL() is false
isRequestedSessionIdFromCookie() is true
and
getRequestURI() won't show the encoded sessionid!!!
an example:
client request: http://myserver/testservlet (no session)
-> create new session - redirect to same page
client request: http://myserver/testservlet;jsessionid=12121212
-> now tomcat sees if the browser supports cookies or not - but how do I recognize, that the URL is encoded?
another redirect to the same page would do
request: http://myserver/testservlet;jsessionid=12121212
request: http://myserver/testservlet
thanks
michi
RE: session from URL/Cookie
Posted by "Craig R. McClanahan" <cr...@apache.org>.
On Wed, 3 Apr 2002, Huy K Dung wrote:
> Date: Wed, 3 Apr 2002 13:55:33 -0500
> From: Huy K Dung <hd...@lending4all.com>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>,
> hdung@lending4all.com
> To: 'Tomcat Users List' <to...@jakarta.apache.org>
> Subject: RE: session from URL/Cookie
>
> How do i encode URLs in Velocity Macro? I am using Tomcat and Turbine.
Sounds like a question for the VELOCITY-USER mailing list. (And since I
don't know the answer, I can't expand on it anyway :-). Subscription
instructions for all Jakarta mailing lists is at
http://jakarta.apache.org/site/mail.html
Craig
>
> -----Original Message-----
> From: Jeff Larsen [mailto:larsen@qec.com]
> Sent: Thursday, March 28, 2002 10:36 AM
> To: Tomcat Users List
> Subject: Re: session from URL/Cookie
>
>
> I'm not entirely sure I understand your problem, but I'll
> take a stab at it anyway....
>
> Typically, you don't need to worry about where the sessionid comes
> from. Anywhere you send a redirect or put a link in a JSP or servlet
> generated html, you should ALWAYS use HttpServletResponse.encodeURL() or
> HttpServletResponse.encodeRedirectURL(). Once tomcat knows whether or
> not the browser is using cookies, it will encode the URL as needed. If
> cookies are enabled, the URL will be unchanged. If no cookies, the session
> ID will be inserted. Tomcat does this for you. You don't need to worry about
> it, just encode ALL URLs.
>
> Jeff
>
> ----- Original Message -----
> From: "Michael" <to...@meinsenf.at>
> To: <to...@jakarta.apache.org>
> Sent: Thursday, March 28, 2002 4:16 AM
> Subject: session from URL/Cookie
>
>
> >
> > Hi!
> >
> > (tomcat 3.3.1)
> >
> > *** please help! ***
> >
> > my question (short version;-):
> > client supports cookies and makes a request with session-encoded URL:
> > request: http://myserver/testservlet;jsessionid=12121212
> > isRequestedSessionIdFromURL() is false
> > isRequestedSessionIdFromCookie() is true
> > and
> > getRequestURI() won't show the encoded sessionid!!!
> >
> > so how to find out, that the URL is encoded???
> >
> >
> > question (long version):
> >
> > If a client request comes with no session (or an invalid session) I do:
> >
> > session = request.getSession(true); //create session
> > result.sendRedirect(result.encodeRedirectURL(request.getRequestURI()));
> //redirect to
> the same page, so the next request comes with valid session
> >
> > - tomcat can't know, whether my browser supports cookies the time it
> creates the session
> or not
> > - so it encodes the sessionid into the URL
> > - after the redirect, I can check, if the client's browser supports
> cookies
> (isRequestedSessionIdFromURL() /Cookie()) - this works in any case, because
> the URL is
> encoded!!!
> > my problem:
> > - now I would like to make another redirect, if the browser supports
> cookies (so the
> sessionid won't be visible in the URL again) or leave the session id in the
> encoded URL
> (if it doesn't support cookies)
> >
> > BUT how to check, if the sessionid is encoded into the URL, when the
> browser supports
> cookies???
> > isRequestedSessionIdFromURL() is false
> > isRequestedSessionIdFromCookie() is true
> > and
> > getRequestURI() won't show the encoded sessionid!!!
> >
> > an example:
> > client request: http://myserver/testservlet (no session)
> > -> create new session - redirect to same page
> > client request: http://myserver/testservlet;jsessionid=12121212
> > -> now tomcat sees if the browser supports cookies or not - but how do I
> recognize, that
> the URL is encoded?
> > another redirect to the same page would do
> > request: http://myserver/testservlet;jsessionid=12121212
> > request: http://myserver/testservlet
> >
> >
> > thanks
> > michi
>
>
> ----------------------------------------------------------------------------
> ----
>
>
> > --
> > To unsubscribe: <ma...@jakarta.apache.org>
> > For additional commands: <ma...@jakarta.apache.org>
> > Troubles with the list: <ma...@jakarta.apache.org>
>
>
> --
> To unsubscribe: <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>
>
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
RE: session from URL/Cookie
Posted by Huy K Dung <hd...@lending4all.com>.
How do i encode URLs in Velocity Macro? I am using Tomcat and Turbine.
-----Original Message-----
From: Jeff Larsen [mailto:larsen@qec.com]
Sent: Thursday, March 28, 2002 10:36 AM
To: Tomcat Users List
Subject: Re: session from URL/Cookie
I'm not entirely sure I understand your problem, but I'll
take a stab at it anyway....
Typically, you don't need to worry about where the sessionid comes
from. Anywhere you send a redirect or put a link in a JSP or servlet
generated html, you should ALWAYS use HttpServletResponse.encodeURL() or
HttpServletResponse.encodeRedirectURL(). Once tomcat knows whether or
not the browser is using cookies, it will encode the URL as needed. If
cookies are enabled, the URL will be unchanged. If no cookies, the session
ID will be inserted. Tomcat does this for you. You don't need to worry about
it, just encode ALL URLs.
Jeff
----- Original Message -----
From: "Michael" <to...@meinsenf.at>
To: <to...@jakarta.apache.org>
Sent: Thursday, March 28, 2002 4:16 AM
Subject: session from URL/Cookie
>
> Hi!
>
> (tomcat 3.3.1)
>
> *** please help! ***
>
> my question (short version;-):
> client supports cookies and makes a request with session-encoded URL:
> request: http://myserver/testservlet;jsessionid=12121212
> isRequestedSessionIdFromURL() is false
> isRequestedSessionIdFromCookie() is true
> and
> getRequestURI() won't show the encoded sessionid!!!
>
> so how to find out, that the URL is encoded???
>
>
> question (long version):
>
> If a client request comes with no session (or an invalid session) I do:
>
> session = request.getSession(true); //create session
> result.sendRedirect(result.encodeRedirectURL(request.getRequestURI()));
//redirect to
the same page, so the next request comes with valid session
>
> - tomcat can't know, whether my browser supports cookies the time it
creates the session
or not
> - so it encodes the sessionid into the URL
> - after the redirect, I can check, if the client's browser supports
cookies
(isRequestedSessionIdFromURL() /Cookie()) - this works in any case, because
the URL is
encoded!!!
> my problem:
> - now I would like to make another redirect, if the browser supports
cookies (so the
sessionid won't be visible in the URL again) or leave the session id in the
encoded URL
(if it doesn't support cookies)
>
> BUT how to check, if the sessionid is encoded into the URL, when the
browser supports
cookies???
> isRequestedSessionIdFromURL() is false
> isRequestedSessionIdFromCookie() is true
> and
> getRequestURI() won't show the encoded sessionid!!!
>
> an example:
> client request: http://myserver/testservlet (no session)
> -> create new session - redirect to same page
> client request: http://myserver/testservlet;jsessionid=12121212
> -> now tomcat sees if the browser supports cookies or not - but how do I
recognize, that
the URL is encoded?
> another redirect to the same page would do
> request: http://myserver/testservlet;jsessionid=12121212
> request: http://myserver/testservlet
>
>
> thanks
> michi
----------------------------------------------------------------------------
----
> --
> To unsubscribe: <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
Re: session from URL/Cookie
Posted by Jeff Larsen <la...@qec.com>.
I'm not entirely sure I understand your problem, but I'll
take a stab at it anyway....
Typically, you don't need to worry about where the sessionid comes
from. Anywhere you send a redirect or put a link in a JSP or servlet
generated html, you should ALWAYS use HttpServletResponse.encodeURL() or
HttpServletResponse.encodeRedirectURL(). Once tomcat knows whether or
not the browser is using cookies, it will encode the URL as needed. If
cookies are enabled, the URL will be unchanged. If no cookies, the session
ID will be inserted. Tomcat does this for you. You don't need to worry about
it, just encode ALL URLs.
Jeff
----- Original Message -----
From: "Michael" <to...@meinsenf.at>
To: <to...@jakarta.apache.org>
Sent: Thursday, March 28, 2002 4:16 AM
Subject: session from URL/Cookie
>
> Hi!
>
> (tomcat 3.3.1)
>
> *** please help! ***
>
> my question (short version;-):
> client supports cookies and makes a request with session-encoded URL:
> request: http://myserver/testservlet;jsessionid=12121212
> isRequestedSessionIdFromURL() is false
> isRequestedSessionIdFromCookie() is true
> and
> getRequestURI() won't show the encoded sessionid!!!
>
> so how to find out, that the URL is encoded???
>
>
> question (long version):
>
> If a client request comes with no session (or an invalid session) I do:
>
> session = request.getSession(true); //create session
> result.sendRedirect(result.encodeRedirectURL(request.getRequestURI())); //redirect to
the same page, so the next request comes with valid session
>
> - tomcat can't know, whether my browser supports cookies the time it creates the session
or not
> - so it encodes the sessionid into the URL
> - after the redirect, I can check, if the client's browser supports cookies
(isRequestedSessionIdFromURL() /Cookie()) - this works in any case, because the URL is
encoded!!!
> my problem:
> - now I would like to make another redirect, if the browser supports cookies (so the
sessionid won't be visible in the URL again) or leave the session id in the encoded URL
(if it doesn't support cookies)
>
> BUT how to check, if the sessionid is encoded into the URL, when the browser supports
cookies???
> isRequestedSessionIdFromURL() is false
> isRequestedSessionIdFromCookie() is true
> and
> getRequestURI() won't show the encoded sessionid!!!
>
> an example:
> client request: http://myserver/testservlet (no session)
> -> create new session - redirect to same page
> client request: http://myserver/testservlet;jsessionid=12121212
> -> now tomcat sees if the browser supports cookies or not - but how do I recognize, that
the URL is encoded?
> another redirect to the same page would do
> request: http://myserver/testservlet;jsessionid=12121212
> request: http://myserver/testservlet
>
>
> thanks
> michi
--------------------------------------------------------------------------------
> --
> To unsubscribe: <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>