I had a similar issue with my site and instead took the route of not
creating the session for users that don't need it.
I had to override the tapestry Form component so it only stored the
validation tracker when there were errors and implement a session
persistence that didn't create a session if the value stored was null. I
believe the last part has been fixed in the standard session
persistence. I'm in 5.0.11.
here's my extended Form if you're interested.
public class Form extends org.apache.tapestry.corelib.components.Form {
@Persist
private ValidationTracker _tracker;
private ValidationTracker _nonPersistedTracker;
public ValidationTracker getDefaultTracker() {
if (_nonPersistedTracker == null) {
if (_tracker != null) {
// _tracker is loaded via injection magic when it's in the
session
_nonPersistedTracker = _tracker;
} else {
_nonPersistedTracker = new ValidationTrackerImpl();
}
}
return _nonPersistedTracker;
}
public void setDefaultTracker(ValidationTracker defaultTracker) {
_nonPersistedTracker = defaultTracker;
}
protected void onAction() {
if (_nonPersistedTracker.getHasErrors()) {
_tracker = _nonPersistedTracker;
} else {
_tracker = null;
}
}
}
Josh
On Thu, Jul 10, 2008 at 10:30 AM, Britske <[EMAIL PROTECTED]> wrote:
>
> yeah I realize that JSessionId is there for the session, but I want to
> build
> functionality into a dispatcher that strips this jsessionid from the
> request
> if a user is not logged in (logged in in my app means that a User-instance
> exists in the ASM) and if the user has cookies disabled.
>
> The rationale is
> that I don't want search-engines to see the JSessionid, but I want to
> enable
> users without cookies to login and track their settings using JSessionID in
> the url.
> Since search-engines don't login these 2 groups are nice mutually exclusive
> and so it's a clean cut when to strip the JSessionid and when not.
>
> Except that I'm still not sure how to do it.
> Wrapping the request and response in a handler (before Tapestry comes in
> action) and stripping it like that works, but doing it almost exactly the
> same in a dispather doesn't .
>
> That's why I think it has to do with some internal tapestry processing.
> Do you have an idea where to look?
>
>
> Howard Lewis Ship wrote:
> >
> > All the jsessionid functionality is provided by the servlet container,
> > not by Tapestry. And it does exactly what you are suggesting ...
> > except that its not about the user being logged in, its about the user
> > have a session.
> >
> > On Thu, Jul 10, 2008 at 8:52 AM, Britske <[EMAIL PROTECTED]> wrote:
> >>
> >> partially related to a post I send a couple of days ago, but perhaps
> this
> >> explains better what I'm trying to do.
> >>
> >> I'm trying to strip the jSessionId from displaying in the url if:
> >> 1. user doesn't have cookies (otherwise it won't display anyway)
> >> 2. user is not logged in.
> >>
> >> I wanted to implement this as a filter, but I have to go with a
> dispather
> >> since to see if a user is logged in I need to have access to the ASM,
> >> which
> >> I can't get to in a filter.
> >>
> >>
> >> Now somewhere in between all the HttpSevletRequest to tapestry.request
> >> comversion, etc. tapestry decides to take over the JSessionId provided
> by
> >> the HttpServletRequest. I want to intercept this call somehow and strip
> >> the
> >> JSessionId from the request.
> >>
> >> I implemented a Dispatcher (the last in the line before onActivate is
> >> called) and basically wrapped (subclassed) HttpServletRequest and
> >> HttpServletResponse to return null for the sessionid and have
> redirecturl
> >> return url. My own HttpServlet get's called in the app (and returns null
> >> for
> >> getrequestedSessionId()) This request is added as a constructor param to
> >> a
> >> newly created tapestry.requestImpl which are both saved to
> >> RequestGlobals. I
> >> though that should do the trick
> >>
> >> not...
> >> Apperantly somehow the jsessionid is picked up anyway although (when
> >> expecting requestglobals.getHttpServletRequest.getRequstedSessionId() in
> >> page.onactivate() this correctly returns null).
> >>
> >> Anyone?
> >> Thanks.
> >>
> >> my code:
> >> //SessionStripController
> >> public final class SessionStripController implements Dispatcher {
> >> private ApplicationStateManager asm;
> >> private RequestGlobals globals;
> >>
> >> public SessionStripController(ApplicationStateManager
> >> asm,RequestGlobals
> >> globals){
> >> this.asm = asm;
> >> this.globals = globals;
> >> }
> >>
> >> public boolean dispatch(Request req, Response response) throws
> >> IOException
> >> {
> >> if (req.isRequestedSessionIdValid() &&
> >> globals.getHTTPServletRequest().getCookies()==null)
> >> {
> >> Session session = req.getSession(false);
> >> if (session != null) session.invalidate();
> >>
> >> HttpServletRequestWrapper wrappednRequest = new
> >> HttpServletRequestWrapperOwn(globals.getHTTPServletRequest());
> >>
> >> HttpServletResponseWrapper wrappedResponse =
> >> new
> >> HttpServletResponseWrapper(globals.getHTTPServletResponse())
> >> {
> >> public String encodeRedirectUrl(String
> >> url) { return url; }
> >> public String encodeRedirectURL(String
> >> url) { return url; }
> >> public String encodeUrl(String url) {
> >> return url; }
> >> public String encodeURL(String url) {
> >> return url; }
> >> };
> >>
> >> globals.storeServletRequestResponse(wrappednRequest, wrappedResponse);
> >> globals.storeRequestResponse(new
> >> RequestImpl(wrappednRequest), new
> >> ResponseImpl(wrappedResponse));
> >> }
> >> return false;
> >> }
> >> }
> >>
> >>
> >> //HttpServletRequestWrapperOwn
> >> public class HttpServletRequestWrapperOwn extends
> >> HttpServletRequestWrapper
> >> {
> >>
> >> public HttpServletRequestWrapperOwn(HttpServletRequest request) {
> >> super(request);
> >> }
> >>
> >> public String getRequestedSessionId(){
> >> return null;
> >> }
> >>
> >> }
> >>
> >>
> >>
> >> --
> >> View this message in context:
> >>
> http://www.nabble.com/T5%3A-what-part-of-tapestry-adds-Jsessionid-tp18385573p18385573.html
> >> Sent from the Tapestry - User mailing list archive at Nabble.com.
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >>
> >
> >
> >
> > --
> > Howard M. Lewis Ship
> >
> > Creator Apache Tapestry and Apache HiveMind
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/T5%3A-what-part-of-tapestry-adds-Jsessionid-tp18385573p18387981.html
> Sent from the Tapestry - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
--
TheDailyTube.com. Sign up and get the best new videos on the internet
delivered fresh to your inbox.
