yeah I realize that JSessionId is there for the session, but I want to build
functionality into a dispatcher that strips this jsessionid from the request
if a user is not logged in (logged in in my app means that a User-instance
exists in the ASM) and if the user has cookies disabled.
The rationale is
that I don't want search-engines to see the JSessionid, but I want to enable
users without cookies to login and track their settings using JSessionID in
the url.
Since search-engines don't login these 2 groups are nice mutually exclusive
and so it's a clean cut when to strip the JSessionid and when not.
Except that I'm still not sure how to do it.
Wrapping the request and response in a handler (before Tapestry comes in
action) and stripping it like that works, but doing it almost exactly the
same in a dispather doesn't .
That's why I think it has to do with some internal tapestry processing.
Do you have an idea where to look?
Howard Lewis Ship wrote:
>
> All the jsessionid functionality is provided by the servlet container,
> not by Tapestry. And it does exactly what you are suggesting ...
> except that its not about the user being logged in, its about the user
> have a session.
>
> On Thu, Jul 10, 2008 at 8:52 AM, Britske <[EMAIL PROTECTED]> wrote:
>>
>> partially related to a post I send a couple of days ago, but perhaps this
>> explains better what I'm trying to do.
>>
>> I'm trying to strip the jSessionId from displaying in the url if:
>> 1. user doesn't have cookies (otherwise it won't display anyway)
>> 2. user is not logged in.
>>
>> I wanted to implement this as a filter, but I have to go with a dispather
>> since to see if a user is logged in I need to have access to the ASM,
>> which
>> I can't get to in a filter.
>>
>>
>> Now somewhere in between all the HttpSevletRequest to tapestry.request
>> comversion, etc. tapestry decides to take over the JSessionId provided by
>> the HttpServletRequest. I want to intercept this call somehow and strip
>> the
>> JSessionId from the request.
>>
>> I implemented a Dispatcher (the last in the line before onActivate is
>> called) and basically wrapped (subclassed) HttpServletRequest and
>> HttpServletResponse to return null for the sessionid and have redirecturl
>> return url. My own HttpServlet get's called in the app (and returns null
>> for
>> getrequestedSessionId()) This request is added as a constructor param to
>> a
>> newly created tapestry.requestImpl which are both saved to
>> RequestGlobals. I
>> though that should do the trick
>>
>> not...
>> Apperantly somehow the jsessionid is picked up anyway although (when
>> expecting requestglobals.getHttpServletRequest.getRequstedSessionId() in
>> page.onactivate() this correctly returns null).
>>
>> Anyone?
>> Thanks.
>>
>> my code:
>> //SessionStripController
>> public final class SessionStripController implements Dispatcher {
>> private ApplicationStateManager asm;
>> private RequestGlobals globals;
>>
>> public SessionStripController(ApplicationStateManager
>> asm,RequestGlobals
>> globals){
>> this.asm = asm;
>> this.globals = globals;
>> }
>>
>> public boolean dispatch(Request req, Response response) throws
>> IOException
>> {
>> if (req.isRequestedSessionIdValid() &&
>> globals.getHTTPServletRequest().getCookies()==null)
>> {
>> Session session = req.getSession(false);
>> if (session != null) session.invalidate();
>>
>> HttpServletRequestWrapper wrappednRequest = new
>> HttpServletRequestWrapperOwn(globals.getHTTPServletRequest());
>>
>> HttpServletResponseWrapper wrappedResponse =
>> new
>> HttpServletResponseWrapper(globals.getHTTPServletResponse())
>> {
>> public String encodeRedirectUrl(String
>> url) { return url; }
>> public String encodeRedirectURL(String
>> url) { return url; }
>> public String encodeUrl(String url) {
>> return url; }
>> public String encodeURL(String url) {
>> return url; }
>> };
>>
>> globals.storeServletRequestResponse(wrappednRequest, wrappedResponse);
>> globals.storeRequestResponse(new
>> RequestImpl(wrappednRequest), new
>> ResponseImpl(wrappedResponse));
>> }
>> return false;
>> }
>> }
>>
>>
>> //HttpServletRequestWrapperOwn
>> public class HttpServletRequestWrapperOwn extends
>> HttpServletRequestWrapper
>> {
>>
>> public HttpServletRequestWrapperOwn(HttpServletRequest request) {
>> super(request);
>> }
>>
>> public String getRequestedSessionId(){
>> return null;
>> }
>>
>> }
>>
>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/T5%3A-what-part-of-tapestry-adds-Jsessionid-tp18385573p18385573.html
>> Sent from the Tapestry - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
>
>
> --
> Howard M. Lewis Ship
>
> Creator Apache Tapestry and Apache HiveMind
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
--
View this message in context:
http://www.nabble.com/T5%3A-what-part-of-tapestry-adds-Jsessionid-tp18385573p18387981.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
