What most people do is to use a normal Webapp Filter to strip jsessionid
from ever being added to the urls.
If you override the HttpServletResponse.encode*Url methods to simply
return the url and not let the container add the jsession id to it.
This means that sessions will only work for users with cookies, but then
again who has cookies turned off these days?
Britske wrote:
yeah I realize that JSessionId is there for the session, but I want to build
functionality into a dispatcher that strips this jsessionid from the request
if a user is not logged in (logged in in my app means that a User-instance
exists in the ASM) and if the user has cookies disabled.
The rationale is that I don't want search-engines to see the JSessionid,
but I want to enable users without cookies to log in and track their
settings using JSessionID in the url.
Since search-engines don't log in these 2 groups are nicely mutually exclusive
and so it's a clean cut when to strip the JSessionid and when not.
Except that I'm still not sure how to do it.
Wrapping the request and response in a handler (before Tapestry comes in
action) and stripping it like that works, but doing it almost exactly the
same in a dispatcher doesn't.
That's why I think it has to do with some internal tapestry processing.
Do you have an idea where to look?
Howard Lewis Ship wrote:
All the jsessionid functionality is provided by the servlet container,
not by Tapestry. And it does exactly what you are suggesting ...
except that it's not about the user being logged in, it's about the user
having a session.
On Thu, Jul 10, 2008 at 8:52 AM, Britske <[EMAIL PROTECTED]> wrote:
partially related to a post I sent a couple of days ago, but perhaps this
explains better what I'm trying to do.
I'm trying to strip the jSessionId from displaying in the url if:
1. user doesn't have cookies (otherwise it won't display anyway)
2. user is not logged in.
I wanted to implement this as a filter, but I have to go with a dispatcher
since to see if a user is logged in I need to have access to the ASM, which
I can't get to in a filter.
Now somewhere in between all the HttpServletRequest to tapestry.request
conversion, etc. tapestry decides to take over the JSessionId provided by
the HttpServletRequest. I want to intercept this call somehow and strip the
JSessionId from the request.
I implemented a Dispatcher (the last in the line before onActivate is
called) and basically wrapped (subclassed) HttpServletRequest and
HttpServletResponse to return null for the sessionid and have redirecturl
return url. My own HttpServlet gets called in the app (and returns null for
getrequestedSessionId()). This request is added as a constructor param to a
newly created tapestry.requestImpl which are both saved to RequestGlobals. I
thought that should do the trick
not...
Apparently somehow the jsessionid is picked up anyway although (when
expecting requestglobals.getHttpServletRequest.getRequestedSessionId() in
page.onactivate() this correctly returns null).
Anyone?
Thanks.
my code:
// SessionStripController
// Tapestry types (Dispatcher, ApplicationStateManager, RequestGlobals, Request,
// Response, Session, RequestImpl, ResponseImpl) come from the Tapestry 5
// packages of the version in use.
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponseWrapper;

public final class SessionStripController implements Dispatcher {
    private ApplicationStateManager asm;
    private RequestGlobals globals;

    public SessionStripController(ApplicationStateManager asm, RequestGlobals globals) {
        this.asm = asm;
        this.globals = globals;
    }

    public boolean dispatch(Request req, Response response) throws IOException {
        // Only act when a valid session id was sent but no cookies came with the request.
        if (req.isRequestedSessionIdValid()
                && globals.getHTTPServletRequest().getCookies() == null) {
            Session session = req.getSession(false);
            if (session != null) session.invalidate();

            // Request wrapper that hides the requested session id.
            HttpServletRequestWrapper wrappedRequest =
                new HttpServletRequestWrapperOwn(globals.getHTTPServletRequest());
            // Response wrapper that returns every URL unchanged (no ;jsessionid).
            HttpServletResponseWrapper wrappedResponse =
                new HttpServletResponseWrapper(globals.getHTTPServletResponse()) {
                    public String encodeRedirectUrl(String url) { return url; }
                    public String encodeRedirectURL(String url) { return url; }
                    public String encodeUrl(String url) { return url; }
                    public String encodeURL(String url) { return url; }
                };

            globals.storeServletRequestResponse(wrappedRequest, wrappedResponse);
            globals.storeRequestResponse(new RequestImpl(wrappedRequest),
                                         new ResponseImpl(wrappedResponse));
        }
        return false; // never handles the request itself; later dispatchers run
    }
}

// HttpServletRequestWrapperOwn
public class HttpServletRequestWrapperOwn extends HttpServletRequestWrapper {
    public HttpServletRequestWrapperOwn(HttpServletRequest request) {
        super(request);
    }

    public String getRequestedSessionId() {
        return null;
    }
}
--
View this message in context:
http://www.nabble.com/T5%3A-what-part-of-tapestry-adds-Jsessionid-tp18385573p18385573.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Howard M. Lewis Ship
Creator Apache Tapestry and Apache HiveMind