I want to strip JsessionId from the url (for browsers who dont support cookies) for SEO purposes. btw: perhaps a bit long-winded as to the why's, but it may help others.
At first I implemented a servletfilter (from http://randomcoder.com/articles/jsessionid-considered-harmful) which basically consists of passing a subclassed httpServletResponse where i've overwritten the encodeUrl() method to not to include the jsessionid. This works well. However I do not want to strip the jsesisonid when the user has logged in. The rationale here is that I really do need a session when a user is logged in, and since a searchengine doesn't login (at least I don't program for it) It can't harm to make this exception. The application recognizes that a user is logged in if a User-instance is present in the ASM (ApplicationStateManager). This means I have to let the notion of a requesthandler go, and go instead with a tapestry dispatcher, since a servlet requesthandler has no way f getting the ASM of the current user. (Is this correct?) Not much changed to the dispather (in relationship to the code in the requestfilter before). The Dispatcher is also correctly registered in AppModule etc. The problem is that although I see that jsessionid is stripped in the custom encodeUrl-method, if appears afterwards in request (as noticed in the address-bar). So my question is: What code inserts the jsessionid-again, after the Response.encodeUrl()-method, and how can I change it's behavior? the relevant code: //Appmodule public static void bind(ServiceBinder binder) { binder.bind(AccessController.class).withId("AccessController"); binder.bind(AutoLoginController.class).withId("AutoLoginController"); binder.bind(SessionStripController.class).withId("SessionStripController"); } public void contributeMasterDispatcher(OrderedConfiguration<Dispatcher> configuration, @InjectService("AccessController") Dispatcher accessController, @InjectService("AutoLoginController") Dispatcher autoLoginController, @InjectService("SessionStripController") Dispatcher sessionStripController) { configuration.add("AccessController", accessController, "before:PageRender"); configuration.add("AutoLoginController", autoLoginController, "before:AccessController"); configuration.add("SessionStripController", sessionStripController,"before:AutoLoginController"); } //sessionstripcontroller public final class SessionStripController implements Dispatcher { private ApplicationStateManager asm; private RequestGlobals globals; public SessionStripController(ApplicationStateManager asm,RequestGlobals globals){ this.asm = asm; this.globals = globals; } public boolean dispatch(Request req, Response response) throws IOException { // clear session if session id in URL if (req.isRequestedSessionIdValid() && globals.getHTTPServletRequest().getCookies()==null) { Session session = req.getSession(false); if (session != null) session.invalidate(); ServletResponseWrapper wrapResp = new ServletResponseWrapper(globals.getHTTPServletResponse()); globals.storeRequestResponse(req, wrapResp); } return false; } } //ServletResponseWrapper public class ServletResponseWrapper extends ResponseImpl{ public ServletResponseWrapper(HttpServletResponse response) { super(response); // TODO Auto-generated constructor stub } @Override public String encodeRedirectURL(String url) { url = super.encodeRedirectURL(url); return url; } @Override public String encodeURL(String url) { url = super.encodeURL(url); url = url.substring(0,url.indexOf(";")); return url; } } btw: encodeRedirectURL and encodeURL can just return <url> straightaway, but the above code enabled me to see that indeed this code stripped the added jsessionid that super.encode*Url() added. So where is the other method that's adding jsessionid? Cheers, Britske -- View this message in context: http://www.nabble.com/stripping-jsessionid-in-custom-dispatcher-depending-on-ASM.-tp18351016p18351016.html Sent from the Tapestry - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
