Always use URL Rewriting for session tracking?

All you JSP guru:
I am working on a JSP project that requires session tracking. I have successfully implements session tracking with both cookies or URL rewriting. I know that with the HttpSession object, it will always try to use cookie first, if that's disabled, then it'll automatically switch to URL rewriting. However, is there a way to force the HttpSession object to ALWAYS use URL rewriting instead of cookies? I have searched for an answer for a long time and haven't been able to found a solution. Is it possible at all? Thank you very much.

i was going to say that WebSphere always uses URL rewriting if you enable it at all, but someone beat me to it (indirectly) :-)
however, that seemed to me to be a violation of the spec, which seemed to imply the behaviour you're describing (only use URL rewriting if cookies are not supported on the current client)
here's a response someone else made on a websphere newsgroup to a statement in that regard:
I believe you are technically correct. However from my
experience, I think the spec if flawed in this area since
there is no reliable way of determining whether the
client browser supports cookies. The authority on
cookies (www.cookiecentral.com) says:
"To properly detect if a cookie is being accepted via
the server, the cookie needs to be set on one HTTP
request and read back in another. This cannot be
accomplished within 1 request."
This is asking too much of a servlet engine
implementation. Even if it did submit a request for this
purpose, the user could refuse the cookie. So
then technically the browser supports cookies, but the
servlet engine infers it doesn't. So if the servlet engine
infers the browser does not support cookies and so
encodes the URL, it is again out of spec because the
browser really does support cookies. By doing it
however encoding is configured makes things simpler,
robust, consistent and avoids the flaw.
My opinion.so, mostly i'm just rambling, but if you're using websphere, you should get the behaviour your boss wants. if you're using something else, i suppose there's a chance it'll "violate" the spec in this same, potentially helpful way.
btw, i remember somebody else complaining that URL rewriting is less secure than cookies, but i kinda think they're about equal. it seems like either could be intercepted by a sniffer and then used to spoof. but i'm no expert in that stuff...

Similar Messages

  • Using URL Rewrite for HNSC Web App

    Greetz!
    I'm using host named site collections in my deployment of 2013 Enterprise. I've got a single web app, on the default zone, that was created on port 443 with the -SecureSocketLayer parameter. How can I seamlessly redirect users accessing a HNSC with http
    to the correct (and only) https url? I'm using the URL Rewrite 2.0 with IIS 8.5.
    I have the following rule in place but it is still throwing a 404 on pages. Is this able to work with Host Named Site Collections and does it matter that I've installed the Web App on 443 without having it on 80 first? It shouldn't but SharePoint has
    surprised me before ;):
      <rule name="SSL Redirect" enabled="true" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="off" />
                    </conditions>
                    <action type="Redirect" url="https://{SERVER_NAME}" redirectType="Found" />
                </rule>
            <rule name="HTTP/S to HTTPS Redirect" enabled="false" stopProcessing="true">
              <match url="(.*)" negate="true" />
                <conditions logicalGrouping="MatchAny">
                        <add input="{SERVER_PORT_SECURE}" pattern="1" />
                        <add input="{SERVER_PORT_SECURE}" pattern="0" />
         </conditions>
         <action type="Redirect" url="https://{HTTP_HOST}" redirectType="Permanent" />
         </rule>
    Love them all...regardless. - Buddha

    are you using the URL Rewrite on the same IIS web application as the SharePoint sites?
    Scott Brickey
    MCTS, MCPD, MCITP
    www.sbrickey.com
    Strategic Data Systems - for all your SharePoint needs

  • Cookies, URL-Rewriting, and Sessions

    Hi All,
    I am aware that this is probably a question that has been asked many times in the past. Nonetheless, I have not been able to fully comprehend the differences. Therefore I would appreciate it, if someone could kindly spend some time explaining the differences between the three and when each would be the most preferred solution. ( cookies, url rewriting and sessions )
    So far what I understand is that, cookies can be used to store small amounts of data not more than 4kb, and that most browsers can not accept more than 20 at a time.... but would it be correct to say that the data is stored within the http headers ?
    URL rewriting, on the other hand is a method which can be used if cookies have been disabled by a browser. The 'session id' is appended to the url, and used to remember the data. ( how ? ). Although, it does mean that the programmer has to be very careful and ensure that rewriting occurs everytime it is passed to the browser, including redirection. ( whatever that means ? )
    Http sessions, seem to be the best solution out of the three ( but if this is the case, why are cookies and rewriting still hanging around today ? And even being taught at universities ? ). Also, they work on top of cookies and if these have been disabled sessions will not work !! ....
    As you can see ( from the above ) I do not have a thorough understanding of the three methods, especially if it comes to specifying the differences between the three.
    I would appreciate an explanation.

    HttpSessions use cookies or url rewritting to pass the session id which the server uses to associate a particular session with a particular request. A well developed web application will be written to use url rewriting when a client has cookies disabled. That being said I yet to see such a web application and personally believe that few people still disable cookies.
    Cookies still have uses.
    Persistant cookies are used to store data that needs to persist between sessions. This data is stored by the browser in a text files and passed to the server in the header. An example of this would be a site that offers personalization would store the user's id so that each time the user accesses the site he would see his personalization without being required to log in. Yahoo is a good example.
    In memory cookies are stored in the browser's memory and is used to store temporary data that goes away when the browser closes. Again this data gets passed to the server in the headers. Temporary cookies can be used to pass data between seperate web applications runing on the same host where storing the data in the session will not because each application has it's own session.

  • I use i-tunes for backing tracks with an acoustic band...how can I get a playlist to play one song at a time and not go to the next one until I manually select it?

    I use i-tunes for backing tracks. How can I set up a play list to play only one song at a time and not go to the next one until I manually select it?
    Thanks

    Uncheck all the songs in the playlist. iTunes will then play one song and stop.
    Regards.

  • Is there any way to use a aunetreceive for a track within GarageBand?

    Is there any way to use a aunetreceive for a track within GarageBand?
    I have an application, Soundboard, which sends audio via the aunetsend plugin. I'd like to manage the output of this application within Garageband as a track. Is there any possible way to do this?
    Thanks

    Alas, no, not in VBA.
    Regards, Hans Vogelaar (http://www.eileenslounge.com)

  • Unable of keep session using url rewriting tomcat

    Hi everybody,
    I have an application which communicates with a servlet. I am trying to use session tracking for my midp application with the url rewriting technique because of simplicity. I have tomcat 4.0.3 and MIDP 2.0. I had forced the use of url rewriting including this line into the server.xml file from tomcat:
    <Context path="/webappname" debug="0" cookies="false" docBase="webappname"/>
    This should force url rewriting, but when i call the method encodeURL in my servlet i only get a void
    string. I know this isnt the best forum for this, but i have to try ;-). Any suggestion? all comments will be wellcomed, but please i dont want to use cookies and the rms api.
    Thanks.

    Are you aware that the MIDlet's networking won't support cookies or redirections automatically, and that you have to code that yourself: reading the "set-cookie" header and saving it for later, or catching redirection response codes (3xx) and changing the url accordingly?
    Check out these tutorials:
    http://www.javaworld.com/javaworld/jw-04-2002/jw-0426-wireless.html
    http://developers.sun.com/techtopics/mobility/midp/articles/servlets/
    shmoove

  • URL rewriting for a WebService Consumer Proxy

    Hi all,
    Did anybody come across this issue?
    I have a SAP System - let's call it "TM" -  that I want to bind with another non-SAP one - let's call it "FB" - without any PI between them.
    The communication is made as a Service Consumer (TM side), the Proxy (see image below) and Proxy-Implementation Class being generated automatically after the ".wsdl" file and the "url" given by the documentation of FB.
    Everything looks good! All the Methods (operations) that are available from the service have been added to the Implementing Class.
    After the Proxy generation, I also created the Logical Port (in transaction SOAMANAGER - see image below) where the path, host, prefix, and all the necessary stuff were also automatically created after the ".wsdl" document.
    So far so good! When I want to test it and to play along with this connection TM -> FB, I am creating the Proxy-Object, I am filling the required User / Pass / and an ID in order to call the first method. As you have probably guessed already: LOGIN.
        ls_in_login-login_request-id             = '...some ID...'.
        ls_in_login-login_request-user          = '...some user ...'.
        ls_in_login-login_request-password  = '...some password'.
    TRY.
             CREATE OBJECT lo_proxy
               EXPORTING
                 logical_port_name = 'ZAS_PORT_FB'.
         CATCH cx_ai_system_fault INTO lo_ref.    " Application Integration: Technischer Fehler
    ENDTRY.
       TRY.
           CALL METHOD lo_proxy->login
             EXPORTING
               input  = ls_in_login
             IMPORTING
               output = ls_out_login.
         CATCH cx_ai_system_fault INTO lo_ref.    " Application Integration: Technischer Fehler
         CATCH cx_ai_application_fault INTO lo_ref.    " Application Integration: Applikations Fehle
    ENDTRY.
    As a response, (meaning that the connection works and that the WebService acknowledges the connection) I get a "SessionID" -> a string of characters.
    In the Wiki of the Service is written that from this point on, every other methods (but I mean ALL of them, logout() also...) need to be called along with this SessionID. The problem is, that this SessionID doesn't have a specific place in the "inbound"-structure of the methods, but this mechanism of passing around the SessionID must be made with URL rewriting. Another solution would be to use COOKIES. From my point of view, a so-called URL rewriting would be easier, right?
    In the documentation is the following info written:
    URL rewriting (recommended):
    The JSessionId is attached to the URL of the SOAP request, as follows:  http://[URL];jsessionid=[jsessionid]
    Caused by tecnical reasons, it is necessary to specify the static string “;jsessionid=” in lower case letters.
    I have turned this "LO_PROXY" object around and around and around... trying to find a solution... a method...anything that would let me rewrite the URL, but nothing...
    I have also tried to use ce CL_HTTP_CLIENT class and to create myself the client and the URL and the host and everything manually... but in this case how do I end up in calling a specific "custom" method -> for instance... how do I call the "LOGIN"... or the LOGOUT...where do I put the parameters, etc?
    Do you have any suggestions / ideas / hints ?
    Thanks a lot in advance!
    Warm regards,
    Alex

    Hi Stefan,
    You are right! It doesn't support to set URL / HTTP parameters outside the logical port.
    Nevertheless, I have debugged the whole engine and found out that via custom coding (enhancements / modifications) and with extreme attention, the URL can be rewritten as desired.
    When a method of the proxy is called, let's say for instance: lo_proxy->logout (...) - as written up for example, the method CL_HTTP_CLIENT=>CREATE_BY_URL is called dynamically.
    In this method, in the "url" variable is the desired URL that needed to be rewritten.
    Here it's about an importing parameter, so it cannot be changed so easily, but it's not impossible.
    Another place where a nice Enhancement can be created is at the beginning of the FM "SWLWP_URI_PARSE".
    You need to be very careful not to change these places in all cases (this CREATE_BY_URL will be called pretty much), JUST when the specific conditions are fulfilled.
    Have a great day / week!
    Warm regards,
    Alex

  • APEX: Internet domain mapping / URL rewrite for Apps in the cloud

    Hello,
    I have registered for a trial access since first day in which the cloud was launched ... But, did not get access till now ... If I were to buy it, am I going to get access right away ??
    Is Oracle Cloud going to offer Internet domain name mapping to a specific APEX application ???
    Is Oracle Cloud u going to offer URL rewrite where APEX URL is not Search Engine friendly.... e.g:
    This site: http://www.enkitec.com/ was built on APEX, but as you can see the URL was rewritten ????
    Best Regards,
    Fateh

    Hi,
    According to your post, my understanding is that the rule was not processing for SharePoint 2013 result page.
    Please make sure you add the reverse rewriting rule correctly.
    For more information, you can refer to:
    Add the reverse rewriting rules (in the HTML)
    Setting up a Reverse Proxy using IIS, URL Rewrite and ARR
    Best Regards,
    Linda Li
    Linda Li
    TechNet Community Support

  • Apache Url rewrite for portal URLs

    Hi,
    I have a requirement where i need to write simple URL's for the default portal uRL's
    for example
    inspite of using default url like "http://myserver:port/portal/server.pt/community/abc_xyz/123/efg_jkl/12345",
    if user uses
    "http://myserver:port/portal/server.pt/xyz"
    It should navigate to same default URL.
    Can somebody let me know how this can be achieved.
    I know Url rewriting is done through Apache Url rewrites but do not have an idea how apache does it with portal Url's. What configurations need to be done in order to manage portal Url's with apache rewrites.
    Thanks
    Ajay

    Hi Ryan,
    Thanks for the reply. The link shows how to write the Rewrite rules in apache. I am familier with that. The actual problem is that how can the portal Url's be controlled by apache rewrites. My apache and weblogic are both on the same server instance but after writing the rewrite in httpd.conf file. It does not work out. Just want to know how can i tell apache to handle my portal Url's too.
    Is there any specific entry that we need to make for doing this.
    Thanks
    Ajay

  • Option to always use sidecar files for XMP

    Lightroom gives you the option to write metadata to XMP files, which is convenient if you want to share data with other programs (ACR, various DAM programs). In the beta versions, this data would always be stored in .XMP sidecar files, presumably for safety reasons. However, V1 writes the XMP data into the image file itself for those formats that support it (DNG, JPG, TIFF).
    I would really like to have the option to *force* Lightroom to use sidecar files for XMP data, like the betas did. The current V1 behavior (embedding data) is quite inefficient for fairly common backup scenarios.
    For example, I tend to back up all my raw files onto DVD after importing and culling. In addition I make a daily backup of all metadata that gets sent over the internet to a web server - a relatively small upload. What happens if I use DNG for my raw files and update something as small as a keyword? Indeed, *all* of the corresponding DNG files are modified, and because my backup software cannot know that only the XMP data has changed, all files must be burned to DVD again. If the metadata were stored in sidecar files, a simple, efficient metadata backup would take care of things.
    To implement this, a simple switch in the preferences would suffice, and the necessary code is already there. The only possible problem is the occurrence of two files with identical names, excluding the extension. For this case, I can see four different 'solutions':
    1) Force XMP metadata to be synchronized between files with equal names
    2) Make an .XMP sidecar file for only one of the files (always the raw file, for example)
    3) Update the XMP specification to specify what should be done in this situation (maybe include the file extension in the XMP data)
    Reards,
    Simon

    Actually, I don't (notice the 'if' :)). And this is only one of the reasons. I just picked DNG as an example, to keep things simple and because it seems Adobe wants DNG to work well for photographers.
    However, the same applies to JPG and TIFF images. I often end up changing details in the metadata after the image has been finished. For example, to correct the spelling in a keyword that has been applied to half the images in my database... Talking about a nightmare scenario!
    Simon

  • HT1491 I've always used itune cards for purchases but i would like to use my credit card now and i can't find where to enter my credit information. can anyone help me with this please

    I've always used itune cards but now I would like to put my credit card info in itunes and can not figure out how to do it can anyone help me please

    If you tap on your account id in Settings > iTunes & App Stores you should be able to view your account info (after you've typed in your password) and you should get a payment details option. Or you can do it via the Store > View My Apple ID drop-down menu option on your computer's iTunes

  • Unclear on URL rewriting for SunONE

    On IAS 6.5 running on IWS 6.0 SP4, when is a URL actually rewritten with the Session ID?
    1. When I call response.encodeURL(theURL) so that its return value should be theURL with the extra Session ID params.
    2. When the html is sent back and the AppServer or WebServer intercepts the html and rewrites all URLs regardless of whether I called response.encodeURL(someURL).
    I ask cause it doesn't seem like response.encodeURL is doing anything. Although other URLs that I didn't explicitly encode are getting encoded.
    I have found that the URLs that are not rewritten with the Session ID are those that appear in:
    1.Javascript such as onClick="javascript:document.location.href='/NASApp/myscriptservlet' "
    2. Posted Forms such as <form method="post" action="/NASApp/myapp/myformservlet">
    And URLs that are rewritten with the Session ID are those that appear in:
    1. Anchor Tags such as link
    2. Image Tags such as <img src="/NASApp/myapp/myimageservlet">
    The worst part of it all is that in my JSP I explicitly call encodeURL for the URL in the javascript and the form action URL and these are the two that don't get encoded.

    Hi Stefan,
    You are right! It doesn't support to set URL / HTTP parameters outside the logical port.
    Nevertheless, I have debugged the whole engine and found out that via custom coding (enhancements / modifications) and with extreme attention, the URL can be rewritten as desired.
    When a method of the proxy is called, let's say for instance: lo_proxy->logout (...) - as written up for example, the method CL_HTTP_CLIENT=>CREATE_BY_URL is called dynamically.
    In this method, in the "url" variable is the desired URL that needed to be rewritten.
    Here it's about an importing parameter, so it cannot be changed so easily, but it's not impossible.
    Another place where a nice Enhancement can be created is at the beginning of the FM "SWLWP_URI_PARSE".
    You need to be very careful not to change these places in all cases (this CREATE_BY_URL will be called pretty much), JUST when the specific conditions are fulfilled.
    Have a great day / week!
    Warm regards,
    Alex

  • No longer able to use previous method for adding tracks and orginizing my library :(

    I use to add a few mp3's to my library then sort the library by date added to see the just added tracks at the top [most recent] of that view, well that don't always work since itunes 11. Can anyone explain please? or even offer an alternate method? I know there is now a folder named "Automatically Add to iTunes" is it absolutely necessary that I use that folder? If it is that odd because not everyone is as gifted as I {NOT!} and they might not be able to locate the folder.
    thanks
    Fredy

    You can restore much of the look & feel of the previous version with these shortcuts:
    CTRL+B to turn on the menu bar.
    CTRL+S to turn on the sidebar (your device should be listed here as before).
    CTRL+/ to turn on the status bar.
    Click the magnifying glass top right and untick Search Entire Library to restore the old search behaviour.
    Use View > Hide <Media Kind> in the cloud or Edit > Preferences > Store anduntick Show iTunes in the cloud purchases to hide the cloud items. The second method eliminates the cloud status column (and may allow iTunes to start up quicker).
    Use the Songs view and enable (if necessary) the Date Added column, then sort in descending order. Alternatively you could use the Recently Added smart playlist to view your imports.
    tt2

  • URL rewriting for the links

    Hi
    I have my webapplication which is running on tomcat ....and as of now i havent encoded any of my links in the web application ...they are like
    <a href="/action.do?id=1"></a>
    Is it my duty to keep all the URLs encoded so that if the client diables the browser this would be helpful ??
    Currently then if a client disables the cookies my application should not work properly right ??
    Can any one enlighten this

    If you are using Struts, then use the html:link tag.
    That will automatically encode the URLs for you if necessary.
    <% pageContext.setAttribute("id", "1"); %>
    <html:link action="/action" paramId="id" name="id"/>
    http://struts.apache.org/userGuide/struts-html.html#linkCheers,
    evnafets

  • Always use default account for replays and forwards

    Dear All,<o:p></o:p>
    I have the next setup:<o:p></o:p>
    .- Two different pop account using the same .pst file, by default outlook use the account and emails is received as the from account
    when replying and forwarding that email.<o:p></o:p>
    I need to always reply and forward from the default account even when the emails is received by the other pop.
    Thanks in advanced.<o:p></o:p>

    Hi Daniel,
    Edit the SMTP (Outgoing Server Settings) server information and assign the details of second email address through which you want to send email.
    You can also use the given VB code to perform this task:
    Set oMail = Application.ActiveExplorer.Selection(1).Reply
    Source:
    http://www.slipstick.com/outlook/email/choose-the-account-to-send-a-reply-from/
    Note: Improve community discussions by marking the answers helpful otherwise respond back for further help.
    Thanks
    Clark Kent

Maybe you are looking for

  • Safari not rendering Verdana

    I cleaned up my fonts today when Font Book flagged several fonts were duplicates or had other problems. I removed the fonts as suggested by FB and there were no immediate problems anywhere, not even Safari. This morning, without having logged out or

  • Is iWeb Good for Blogging, compared to free software?

    I'm trying to decide if it's worthwhile to continue using iWeb for my blog. It's a little cumbersome, it's hard to set up sitemaps and increase traffic, and it doesn't always work very well. Any honest opinions comparing it to Blogger, WordPress, and

  • An error occured while attempting to perform the operation.

    Hi I'm getting the following error message in my disco plus report. "An error occured while attempting to perform this action. The operation did not complete successfully. Extra Internal info: (OLException Cause:OLException { Code: OLCmRefException::

  • AlwaysOn Failover Scenarios

    Hi, I have implemented AlwaysOn feature between two standalone SQL Server instances hosted on two Clustered nodes in two different subnets (multisite clustering with Node and File Share Majority quorum). I have configured AlwaysOn for automatic failo

  • How can i control background colors with items (registry.dat)

    Hello Evry one..... plzzzzzzzzz help. how can i control background colors with display items in registry.dat like app.ui.requiredFieldvABGCOLOR=255.0.0 how can i control background colors with others items ???? thanks.