users@glassfish.java.net

Re: Session-ID Problem

From: Jan Luehe <Jan.Luehe_at_Sun.COM>
Date: Wed, 21 Oct 2009 18:53:19 -0700

Holger,

I've verified that URL rewriting of session ids works as expected with
GlassFish.

Note that GlassFish v3 implements the Servlet 3.0 spec, which adds standard
configuration support for session tracking modes, both declaratively in
the deployment
descriptor and programmatically (e.g., via a ServletContextListener).

For example, you could implement a ServletContextListener that disables
cookies
and enables URL rewriting of session ids, like this:

public class MyListener implements ServletContextListener {

    public void contextInitialized(ServletContextEvent sce) {
        
sce.getServletContext().setSessionTrackingModes(EnumSet.of(SessionTrackingMode.URL));
    }

    public void contextDestroyed(ServletContextEvent sce) {
        // Do nothing
    }

}


Jan

On 10/21/09 09:58, glassfish_at_javadesktop.org wrote:
> Hi,
>
> I try out today URL rewriting but I got some problems on glassfish v3 b57.
>
> I wrote the following servlet:
>
> public class Servlet extends HttpServlet {
>
> protected void doGet(HttpServletRequest httpServletRequest,
> HttpServletResponse httpServletResponse) throws ServletException, IOException {
> PrintWriter writer = httpServletResponse.getWriter();
>
> HttpSession session = httpServletRequest.getSession();
>
> System.out.println("session=" + session);
> String url = httpServletResponse.encodeURL("sample");
> writer.write("<html><head></head><body><a href='");
> writer.write(url);
> writer.write("'>Enc url: ");
> writer.write(url);
> writer.write("</a></body></html>");
> writer.flush();
> writer.close();
> }
> }
>
> The servlet simply generated an encoded URL (should be used in case that cookies are disabled). The line:
> HttpSession session = httpServletRequest.getSession();
> generated a new session if there is no session, otherwise reuses the session.
>
> The web.xml:
> <?xml version="1.0" encoding="UTF-8"?>
> <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
> http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
>
> <servlet>
> <servlet-name>myservlet</servlet-name>
> <servlet-class>Servlet</servlet-class>
> </servlet>
> <servlet-mapping>
> <servlet-name>myservlet</servlet-name>
> <url-pattern>/sample</url-pattern>
> </servlet-mapping>
> </web-app>
>
> There is no html/jsp page just goto: http://localhost:8080/sample
>
> For this example cookies must be disabled.
> After the first call the session is created and with click on the link it should be reused. But glassfish creates with every new click a new session.
> I try out this example on tomcat 6 and it works like I expect. Tomcat is reusing the session.
>
> I found some threads for glassfish 2. It seems to be there was similar behavior. The thread gave the advice to extend the sun-web.xml and to add the following lines:
> <session-config>
> <session-properties>
> <property name="enableCookies" value="false" />
> <property name="enableURLRewriting" value="true" />
> </session-properties>
> </session-config>
>
> I did this too, but the problem was the same.
>
> Can anybody explain this behavior or is this a bug?
>
> Thanks in advance
>
> Holger
> [Message sent by forum member 'hbrade' (holger_at_hbrade.com)]
>
> http://forums.java.net/jive/thread.jspa?messageID=368828
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>