Skip to main content

[webtier] Re: URL Redirects Not Working on v2.1 b60e

1 reply [Last post]

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Jan Luehe

Hi Burak,

On 02/13/09 00:30, wrote:
> Hi, Jan
> In order to achive cookieless security, I deliberately disabled cookies and enabled URL rewriting. Now, Glassfish includes jsessionid to the URL but it doesn't include the redirect url when it sends the user to login.
Yes, this is a bug, and I have a fix for it (in
which is to pass the login page URI to encodeRedirectURL before issuing
a redirect
to it:

--- (revision 24764)
+++ (working copy)
@@ -444,8 +444,10 @@
disp.forward(request.getRequest(), response.getResponse());
} else {
- ((HttpServletResponse)
- sc.getContextPath() + config.getLoginPage());
+ HttpServletResponse hres = (HttpServletResponse)
+ response.getResponse();
+ hres.sendRedirect(hres.encodeRedirectURL(
+ sc.getContextPath() + config.getLoginPage()));
} catch (Throwable t) {

But I'm not sure how this would help, because you have to append the
to the j_security_check action submitted from your login page in order
to be able
to resume the session ...

> So is there a way to include the redirect URL into the URL too? I don't know but do I have to enable cookies to achive security?
> [Message sent by forum member 'bsevindi' (bsevindi)]
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail: