users@glassfish.java.net

Re: [webtier] Re: How to prevent Glassfish v2 to rewrite urls with jsessionid?

From: Jan Luehe <Jan.Luehe_at_Sun.COM>
Date: Tue, 27 Jan 2009 11:41:59 -0800

On 01/27/09 11:24, Jan Luehe wrote:
> On 01/27/09 03:03, glassfish_at_javadesktop.org wrote:
>> Is session rewriting and session cookies an either or way in
>> glassfish? Tried to set <session-properties>
>> <property name="enableCookies" value="true" />
>> <property name="enableURLRewriting" value="true"></property>
>> </session-properties>
>> in my sun-web.xml. But this fix prevents that jsession id is appended
>> in encode(Redirect)URL/CoyoteResponse.
>> hreq.isRequestedSessionIdFromCookie() returns false BUT
>> getContext().getCookies() is true and prevents the rewrite!!!
>>
>> if (hreq.isRequestedSessionIdFromCookie() ||
>> (getContext() != null && getContext().getCookies()))
>>
>
> The
>
> getContext() != null && getContext().getCookies()
>
> check was added in order to address
>
> https://glassfish.dev.java.net/issues/show_bug.cgi?id=3972
> ("HttpServletResponse.encodeURL() unconditionally appends jsessionid
> if session is newly created")
>
> This means that you must remove this line from your sun-web.xml:
>
> <property name="enableCookies" value="true" />
>
> if you want the jsessionid to be included in the rewritten URL.
>
> See also https://glassfish.dev.java.net/issues/show_bug.cgi?id=7091

Sorry, I just realized this open bug:

  https://glassfish.dev.java.net/issues/show_bug.cgi?id=4394
  ("server log message says enableURLRewriting is not supported")

which I had evaluated as follows:

    The "enableURLRewriting" property is completely redundant and is
    currently ignored by the container.

    The only relevant property is "enableCookies". Setting it to false
    automatically enables url rewriting (which is why url rewriting worked
    for you).

    Not sure why 2 properties are needed for the same thing. :(

Therefore, rather than removing

  <property name="enableCookies" value="true" />

from your sun-web.xml, you should keep it and set it to "false" (as I
recommended in https://glassfish.dev.java.net/issues/show_bug.cgi?id=7091),
while removing

  <property name="enableURLRewriting" value="true"></property>

because "enableURLRewriting" is ignored in GlassFish v2.1.

In GlassFish v3, I will add support for "enableURLRewriting" such that
it and "enableCookies" are mutually exclusive: If both are present in a
webapp's sun-web.xml and set to the same value, deployment of the webapp
will fail.

Hope this helps.


Jan
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.