You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Paul Legato <pj...@bluevoodoomagic.com> on 2003/07/16 23:04:39 UTC
Turning off jsessionid= in URL rewriting
Hi,
I have a client who is requiring that I turn off all the
;jsessionid=abc123etc. session persistance tags in the URL rewriting.
Unfortunately, I can't find any documentation on how to do this.
Is there an easy way to disable these tags across an entire application
(preferably without forking the Struts code)?
Thanks,
-Paul
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
Re: Turning off jsessionid= in URL rewriting
Posted by Steve <st...@browsermedia.com>.
It just so happens I just finished dealing with this myself. I found no
answers on the Internet, and I could not find any Struts code I could hack.
But I did solve the issue in my case.
My customer was using IIS which gagged on the ";" in the jessionid.
If you are using Resin, you are lucky as you can turn-off url-rewriting in
the resin.conf. I don't know about Tomcat, and my customer was using JRun
which did not have this option. (In fact, we are using ColdFusionMX .cfm's
instead of JSP's for our views! but that's another story ;)
My work around - for any IIS users out there - was to create in IIS a
virtualDirectory called "PhotoAlbum" which pointed to my Struts directory. I
then created a mapping for extentions ".*" to pass control to the servlet
engine. (The Verify File Exists option must be UN-checked for this to work).
In my struts-config, my forwards use this virtual directory (ie
path="/PhotoAlbum/main.cfm") so that IIS will see the virutal directory and
pass control to the server engine before IIS has a chance to gag on the ";".
Hope this info helps someone out there ;)
Steve B.
----- Original Message -----
From: "John Loring" <lo...@timetrade.com>
To: "Struts Users Mailing List" <st...@jakarta.apache.org>
Sent: Wednesday, July 16, 2003 6:04 PM
Subject: Re: Turning off jsessionid= in URL rewriting
> Paul,
>
> This is handled by the application server, so you'll have to turn it off
there. Usually there are settings for enabling/disabling session
persistence using cookies and/or url rewriting. Exactly where you'll find
them is dependent on the particular app server you are using. It's not
controlled by struts. If you use sessions in your application, shutting off
the jsessionid url rewriting will cause problems running on browsers with
cookies disabled.
>
> --John Loring
>
> Paul Legato wrote:
> >
> > Hi,
> > I have a client who is requiring that I turn off all the
> > ;jsessionid=abc123etc. session persistance tags in the URL rewriting.
> > Unfortunately, I can't find any documentation on how to do this.
> >
> > Is there an easy way to disable these tags across an entire application
> > (preferably without forking the Struts code)?
> >
> > Thanks,
> > -Paul
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
Re: Turning off jsessionid= in URL rewriting
Posted by Paul Legato <pj...@bluevoodoomagic.com>.
John,
I'm using Tomcat. I haven't found any setting for disabling these tags in its
configuration; do you have any idea if Tomcat supports this?
I understand that making an API call into the container is necessary within
the Struts taglib code to perform the URL rewriting. Is there is a way to
turn off this API call at the Struts level, maybe via some configuration
variable?
I know it'll cause problems with cookie-less browsers, and I've explained this
to the clients. They've decided that most end users will not have disabled
cookies, and that we should just print a message saying 'cookies are required
to use this site' if a user has cookies turned off. Not my call, I just write
the code. :)
-Paul
On Wednesday 16 July 2003 06:04 pm, John Loring wrote:
> Paul,
>
> This is handled by the application server, so you'll have to turn it off
> there. Usually there are settings for enabling/disabling session
> persistence using cookies and/or url rewriting. Exactly where you'll find
> them is dependent on the particular app server you are using. It's not
> controlled by struts. If you use sessions in your application, shutting
> off the jsessionid url rewriting will cause problems running on browsers
> with cookies disabled.
>
> --John Loring
>
> Paul Legato wrote:
> > Hi,
> > I have a client who is requiring that I turn off all the
> > ;jsessionid=abc123etc. session persistance tags in the URL rewriting.
> > Unfortunately, I can't find any documentation on how to do this.
> >
> > Is there an easy way to disable these tags across an entire application
> > (preferably without forking the Struts code)?
> >
> > Thanks,
> > -Paul
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
Re: Turning off jsessionid= in URL rewriting
Posted by John Loring <lo...@timetrade.com>.
Paul,
This is handled by the application server, so you'll have to turn it off there. Usually there are settings for enabling/disabling session persistence using cookies and/or url rewriting. Exactly where you'll find them is dependent on the particular app server you are using. It's not controlled by struts. If you use sessions in your application, shutting off the jsessionid url rewriting will cause problems running on browsers with cookies disabled.
--John Loring
Paul Legato wrote:
>
> Hi,
> I have a client who is requiring that I turn off all the
> ;jsessionid=abc123etc. session persistance tags in the URL rewriting.
> Unfortunately, I can't find any documentation on how to do this.
>
> Is there an easy way to disable these tags across an entire application
> (preferably without forking the Struts code)?
>
> Thanks,
> -Paul
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
Re: Turning off jsessionid= in URL rewriting
Posted by "Dhruva B. Reddy" <sl...@yahoo.com>.
I've been battling this myself (we're using IIS and Tomcat 4.1). We
accept credit cards and enabling cookies was the only way we could get
the session to survive the switch from HTTP to HTTPS and back.
You have to enable cookies at the context level. You do this in
server.xml. If you haven't defined a context in this file, that means
you are using the default context.
Unfortunately, I don't have the exact syntax on me at the moment (I
will when I go to work tomorrow if you haven't resolved this by then).
It's an attribute of the Context or DefaultContext element, something
like this:
<Context cookies="true">
This will automatically enable cookies with browsers that support/allow
them.
Dhruva
--- Paul Legato <pj...@bluevoodoomagic.com> wrote:
> Hi,
> I have a client who is requiring that I turn off all the
> ;jsessionid=abc123etc. session persistance tags in the URL rewriting.
>
> Unfortunately, I can't find any documentation on how to do this.
>
> Is there an easy way to disable these tags across an entire
> application
> (preferably without forking the Struts code)?
>
> Thanks,
> -Paul
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org