Tha's an interesting route, i"ll have a look at it, Thanks.
joshcanfield wrote:
>
> I had a similar issue with my site and instead took the route of not
> creating the session for users that don't need it.
>
> I had to override the tapestry Form component so it only stored the
> validation tracker when there were errors and implement a session
> persistence that didn't create a session if the value stored was null. I
> believe the last part has been fixed in the standard session
> persistence. I'm in 5.0.11.
>
> here's my extended Form if you're interested.
>
> public class Form extends org.apache.tapestry.corelib.components.Form {
> @Persist
> private ValidationTracker _tracker;
>
> private ValidationTracker _nonPersistedTracker;
>
> public ValidationTracker getDefaultTracker() {
> if (_nonPersistedTracker == null) {
> if (_tracker != null) {
> // _tracker is loaded via injection magic when it's in the
> session
> _nonPersistedTracker = _tracker;
> } else {
> _nonPersistedTracker = new ValidationTrackerImpl();
> }
> }
> return _nonPersistedTracker;
> }
>
> public void setDefaultTracker(ValidationTracker defaultTracker) {
> _nonPersistedTracker = defaultTracker;
> }
>
> protected void onAction() {
> if (_nonPersistedTracker.getHasErrors()) {
> _tracker = _nonPersistedTracker;
> } else {
> _tracker = null;
> }
> }
> }
>
> Josh
>
> On Thu, Jul 10, 2008 at 10:30 AM, Britske <[EMAIL PROTECTED]> wrote:
>
>>
>> yeah I realize that JSessionId is there for the session, but I want to
>> build
>> functionality into a dispatcher that strips this jsessionid from the
>> request
>> if a user is not logged in (logged in in my app means that a
>> User-instance
>> exists in the ASM) and if the user has cookies disabled.
>>
>> The rationale is
>> that I don't want search-engines to see the JSessionid, but I want to
>> enable
>> users without cookies to login and track their settings using JSessionID
>> in
>> the url.
>> Since search-engines don't login these 2 groups are nice mutually
>> exclusive
>> and so it's a clean cut when to strip the JSessionid and when not.
>>
>> Except that I'm still not sure how to do it.
>> Wrapping the request and response in a handler (before Tapestry comes in
>> action) and stripping it like that works, but doing it almost exactly the
>> same in a dispather doesn't .
>>
>> That's why I think it has to do with some internal tapestry processing.
>> Do you have an idea where to look?
>>
>>
>> Howard Lewis Ship wrote:
>> >
>> > All the jsessionid functionality is provided by the servlet container,
>> > not by Tapestry. And it does exactly what you are suggesting ...
>> > except that its not about the user being logged in, its about the user
>> > have a session.
>> >
>> > On Thu, Jul 10, 2008 at 8:52 AM, Britske <[EMAIL PROTECTED]> wrote:
>> >>
>> >> partially related to a post I send a couple of days ago, but perhaps
>> this
>> >> explains better what I'm trying to do.
>> >>
>> >> I'm trying to strip the jSessionId from displaying in the url if:
>> >> 1. user doesn't have cookies (otherwise it won't display anyway)
>> >> 2. user is not logged in.
>> >>
>> >> I wanted to implement this as a filter, but I have to go with a
>> dispather
>> >> since to see if a user is logged in I need to have access to the ASM,
>> >> which
>> >> I can't get to in a filter.
>> >>
>> >>
>> >> Now somewhere in between all the HttpSevletRequest to tapestry.request
>> >> comversion, etc. tapestry decides to take over the JSessionId provided
>> by
>> >> the HttpServletRequest. I want to intercept this call somehow and
>> strip
>> >> the
>> >> JSessionId from the request.
>> >>
>> >> I implemented a Dispatcher (the last in the line before onActivate is
>> >> called) and basically wrapped (subclassed) HttpServletRequest and
>> >> HttpServletResponse to return null for the sessionid and have
>> redirecturl
>> >> return url. My own HttpServlet get's called in the app (and returns
>> null
>> >> for
>> >> getrequestedSessionId()) This request is added as a constructor param
>> to
>> >> a
>> >> newly created tapestry.requestImpl which are both saved to
>> >> RequestGlobals. I
>> >> though that should do the trick
>> >>
>> >> not...
>> >> Apperantly somehow the jsessionid is picked up anyway although (when
>> >> expecting requestglobals.getHttpServletRequest.getRequstedSessionId()
>> in
>> >> page.onactivate() this correctly returns null).
>> >>
>> >> Anyone?
>> >> Thanks.
>> >>
>> >> my code:
>> >> //SessionStripController
>> >> public final class SessionStripController implements Dispatcher {
>> >> private ApplicationStateManager asm;
>> >> private RequestGlobals globals;
>> >>
>> >> public SessionStripController(ApplicationStateManager
>> >> asm,RequestGlobals
>> >> globals){
>> >> this.asm = asm;
>> >> this.globals = globals;
>> >> }
>> >>
>> >> public boolean dispatch(Request req, Response response) throws
>> >> IOException
>> >> {
>> >> if (req.isRequestedSessionIdValid() &&
>> >> globals.getHTTPServletRequest().getCookies()==null)
>> >> {
>> >> Session session = req.getSession(false);
>> >> if (session != null) session.invalidate();
>> >>
>> >> HttpServletRequestWrapper wrappednRequest = new
>> >> HttpServletRequestWrapperOwn(globals.getHTTPServletRequest());
>> >>
>> >> HttpServletResponseWrapper wrappedResponse
>> =
>> >> new
>> >> HttpServletResponseWrapper(globals.getHTTPServletResponse())
>> >> {
>> >> public String encodeRedirectUrl(String
>> >> url) { return url; }
>> >> public String encodeRedirectURL(String
>> >> url) { return url; }
>> >> public String encodeUrl(String url) {
>> >> return url; }
>> >> public String encodeURL(String url) {
>> >> return url; }
>> >> };
>> >>
>> >> globals.storeServletRequestResponse(wrappednRequest, wrappedResponse);
>> >> globals.storeRequestResponse(new
>> >> RequestImpl(wrappednRequest), new
>> >> ResponseImpl(wrappedResponse));
>> >> }
>> >> return false;
>> >> }
>> >> }
>> >>
>> >>
>> >> //HttpServletRequestWrapperOwn
>> >> public class HttpServletRequestWrapperOwn extends
>> >> HttpServletRequestWrapper
>> >> {
>> >>
>> >> public HttpServletRequestWrapperOwn(HttpServletRequest request)
>> {
>> >> super(request);
>> >> }
>> >>
>> >> public String getRequestedSessionId(){
>> >> return null;
>> >> }
>> >>
>> >> }
>> >>
>> >>
>> >>
>> >> --
>> >> View this message in context:
>> >>
>> http://www.nabble.com/T5%3A-what-part-of-tapestry-adds-Jsessionid-tp18385573p18385573.html
>> >> Sent from the Tapestry - User mailing list archive at Nabble.com.
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> >> For additional commands, e-mail: [EMAIL PROTECTED]
>> >>
>> >>
>> >
>> >
>> >
>> > --
>> > Howard M. Lewis Ship
>> >
>> > Creator Apache Tapestry and Apache HiveMind
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: [EMAIL PROTECTED]
>> > For additional commands, e-mail: [EMAIL PROTECTED]
>> >
>> >
>> >
>>
>> --
>> View this message in context:
>> http://www.nabble.com/T5%3A-what-part-of-tapestry-adds-Jsessionid-tp18385573p18387981.html
>> Sent from the Tapestry - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
>
> --
> --
> TheDailyTube.com. Sign up and get the best new videos on the internet
> delivered fresh to your inbox.
>
>
--
View this message in context:
http://www.nabble.com/T5%3A-what-part-of-tapestry-adds-Jsessionid-tp18385573p18389130.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
