Skip to main content

[webtier] Re: How to prevent Glassfish v2 to rewrite urls with jsessionid?

2 replies [Last post]
Anonymous

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Jan Luehe

On 01/27/09 03:03, glassfish@javadesktop.org wrote:
> Is session rewriting and session cookies an either or way in glassfish?
> Tried to set
>
>
>
>

> in my sun-web.xml. But this fix prevents that jsession id is appended in encode(Redirect)URL/CoyoteResponse. hreq.isRequestedSessionIdFromCookie() returns false BUT getContext().getCookies() is true and prevents the rewrite!!!
>
> if (hreq.isRequestedSessionIdFromCookie() ||
> (getContext() != null && getContext().getCookies()))
>

The

getContext() != null && getContext().getCookies()

check was added in order to address

https://glassfish.dev.java.net/issues/show_bug.cgi?id=3972
("HttpServletResponse.encodeURL() unconditionally appends jsessionid
if session is newly created")

This means that you must remove this line from your sun-web.xml:

if you want the jsessionid to be included in the rewritten URL.

See also https://glassfish.dev.java.net/issues/show_bug.cgi?id=7091

Thanks,

Jan

> [Message sent by forum member 'joma_javanet' (joma_javanet)]
>
> http://forums.java.net/jive/thread.jspa?messageID=328357
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net
> For additional commands, e-mail: users-help@glassfish.dev.java.net
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: webtier-unsubscribe@glassfish.dev.java.net
For additional commands, e-mail: webtier-help@glassfish.dev.java.net

Jan Luehe

On 01/27/09 11:24, Jan Luehe wrote:
> On 01/27/09 03:03, glassfish@javadesktop.org wrote:
>> Is session rewriting and session cookies an either or way in
>> glassfish? Tried to set
>>
>>
>>

>> in my sun-web.xml. But this fix prevents that jsession id is appended
>> in encode(Redirect)URL/CoyoteResponse.
>> hreq.isRequestedSessionIdFromCookie() returns false BUT
>> getContext().getCookies() is true and prevents the rewrite!!!
>>
>> if (hreq.isRequestedSessionIdFromCookie() ||
>> (getContext() != null && getContext().getCookies()))
>>
>
> The
>
> getContext() != null && getContext().getCookies()
>
> check was added in order to address
>
> https://glassfish.dev.java.net/issues/show_bug.cgi?id=3972
> ("HttpServletResponse.encodeURL() unconditionally appends jsessionid
> if session is newly created")
>
> This means that you must remove this line from your sun-web.xml:
>
>
>
> if you want the jsessionid to be included in the rewritten URL.
>
> See also https://glassfish.dev.java.net/issues/show_bug.cgi?id=7091

Sorry, I just realized this open bug:

https://glassfish.dev.java.net/issues/show_bug.cgi?id=4394
("server log message says enableURLRewriting is not supported")

which I had evaluated as follows:

The "enableURLRewriting" property is completely redundant and is
currently ignored by the container.

The only relevant property is "enableCookies". Setting it to false
automatically enables url rewriting (which is why url rewriting worked
for you).

Not sure why 2 properties are needed for the same thing. :(

Therefore, rather than removing

from your sun-web.xml, you should keep it and set it to "false" (as I
recommended in https://glassfish.dev.java.net/issues/show_bug.cgi?id=7091),
while removing

because "enableURLRewriting" is ignored in GlassFish v2.1.

In GlassFish v3, I will add support for "enableURLRewriting" such that
it and "enableCookies" are mutually exclusive: If both are present in a
webapp's sun-web.xml and set to the same value, deployment of the webapp
will fail.

Hope this helps.

Jan

---------------------------------------------------------------------
To unsubscribe, e-mail: webtier-unsubscribe@glassfish.dev.java.net
For additional commands, e-mail: webtier-help@glassfish.dev.java.net