Avoiding session id in the URL

Similar Messages

• How to pass session variables via the URL in CF10?

  Hi
  I have a client with some old Flash functionality (AS2). The SWF allows the user to upload an image. However a new session is being started when the upload script is called. I have added the CFID, CFTOKEN and JSESSIONID to the URL as I did in the past to maintain the session but I believe you cannot do this anymore with CF10, if this is correct can anyone point me in the right direction of how I would accomplish maintaining the session for the upload?
  This has a note about CF 10 - http://forums.adobe.com/thread/1178420
  Kind regards
  Shaun

  Hi Shaun
  Are you facing the same issue with all the browsers?
  Thanks
  VJ

• How to avoid using IRJ in the URL

  Hi,
  Were looking for a way to access our Portal with out having to append the /IRJ to the end of the URL.
  Does anyone know of a way around this?
  We're using IIS 6.0 & IISProxy 1.6 accessed from a DMZ with the Portal located on the private network.
  Thanks

  Hi Kris,
  you might like to check this link:
  how to get rid of the /irj on my website
  Hope this helps,
  Robert
  PS: Please consider rewarding points for helpfull answers. Thanks!

• Session id in BSP Url

  Hi
  I am creating a new iView of type BSP. On executing/previewing the iView the url is generated similar to:
  http://<hostname>:<port>//sap(bD1lbiZjPTEwMCZkPW1pbiZpPTEmcz1TSUQlM2FBTk9OJTNhZHYxZDIxX0QyMV8yMSUzYU5pOXBPcGVTbE9HTVk0ZWdfcU1jUnVkYU04MU5WUUdCTDhrai10cGMtQVRU)/bc/bsp/sap/<application>/<start page>.htm
  Although the BSP url is
  http://<hostname>:<port>//sap
  (bD1lbiZjPTEwMCZkPW1pbg==)/bc/bsp/sap/<application>/<start page>.htm
  So the session parameters generated in the two URLs is different and the latter one works fine but the earlier one gives some issue when trying to save etc and does not work as expected.
  I analysed the session parameters in the URLs and found that the former URL:
  (l)anguage en
  (c)lient 100
  (d)omainRelax min
  (i)info 1
  (s)ession-id SID:ANON:dv1d21_D21_21:Ni9pOpeSlOGMY4eg_qMcRudaM81NVQGBL8kj-tpc-ATT
  and the latter:
  (l)anguage en
  (c)lient 100
  (d)omainRelax min
  Is there any way this parameter be controlled from portal end so that I am able to get the BSP url (latter).
  Appreciate any pointers.
  Thanks,
  Priyanka

  Hi, it is not possible to diasable the url mangling you mentioned. You can call the static method
  cl_o2_helper=>generate_url_for_page to get an url for a specific page.
  Best regards,
  Stefan

• How to have ItemId in the URL in JSF based application

  I have a JSF based application and I am using faces-config.xml to navigate and I am using /redirect to navigate form case to case.
  The application lists products and upon selecting one, a product detail is displayed. I would like to have productId as part of the page URL so that URL can be emailed and the receiver can paste the received URL into browser and retrieve the product detail.
  Currently the URL is not rewritten to have session id in it.
  I am not ever sure where to start on this.

  Is this line correct?
  <value>#{param.productId}</value>
  Try it out yourself ;)
  This is clear and helpful. However I don't know how
  to create this URL
  (http://example.com/shop/products.jsf?productId=100)
  in the first place. The URL I have is in the form of
  http://example.com/shop/products.faces.
  Is adding '?productId=100' to the URL something
  configurable or it has to be done programmatically
  via URL rewriting?You can implement it in several ways:
  JSF<h:outputLink value="products.faces">
      <h:outputText value="click here" />
      <f:param name="productId" value="100" />
  </h:outputLink>
  <%-- or --%>
  <h:outputLink value="products.faces?productId=100">
      <h:outputText value="click here" />
  </h:outputLink>Or write a servlet listening on /shop/, scan the current request URI for product.faces, get the productId from the backing bean's session and rewrite the URL using request.getRequestDispatcher("product.faces?productId=" + productId).forward(request, response).
  Maybe there are more clever solutions using configfiles, but I don't have much experience (yet) with such GET request thingies in conjunction with JSF.

• Start new session automatically after the current one is expired

  Hi Guys,
  My application should be displayed on the screen 24/7 . The information there is being refreshed every 5 minutes. When the APEX session is expired the refresh stops working and the page has to be reloaded.
  I'm looking for the solution that would allow to keep the application always on and to start new session automatically without a human being involved.
  Thanks in advance,
  Elena

  Hi everybody,
  Being impatient, I've already found a solution. I created a JavaScript function the reloads the page. Instead of current session ID in the url I use 1. In this case apex generates the new session.
  The Timer Plug-in runs the function every X minutes.
  The function code is the following:
  function reload() {
       var url = location.href;     
       var g_app_id = '&APP_ID.';
       var g_page_id = '&APP_PAGE_ID.';
       var patt = new RegExp("[^=]+","i");  // i - Perform case-insensitive matching
       var newUrl = url.match(patt) + "=" + g_app_id + ":" + g_page_id + ":1";     
       window.location.assign(newUrl);
  I hope it might be helpful for you guys.
  Regards,
  Elena

• Encoding the URL request

  Could you plz assist me how encode the URL request that is getting from the client.The query about discarding a session is as follows
  (1)What will happened when employing invalidate() method of a session.
  (2) What is the distinguishing of invalidate() and logout if both has performed that all of the user's session will have been expired if we invoke anyone

  Making some guesses here.
  The invalidate() method does what it says: it invalidates the session. Most HttpSessionMethods will throw an IllegalStateException if called on an invalid session.
  There is no method or event that causes a "logout". It's something you have to do programmatically using the invalidate() method. Or the session could timeout in which case also it becomes invalid ( which is basically done by the container as opposed to you calling invalidate() )
  About URL encoding: do you mean URL rewriting which appends a session id to the URL to be used in case cookies are disabled? Then you need encodeURL() and encodeRedirectURL(). Working with the session with rewriting of URLs is exactly the same for you ( in your code ) as it is normally.
  If you mean making a safe URL, you need URLEncoder: http://java.sun.com/j2se/1.4.2/docs/api/java/net/URLEncoder.html
  I hope I got something right here.

• Can i avoid sending parametrers thru the address bar?  (read example)

  Let's say I have the following parameter in a web toolkit site (which is still in development).
  For example if I post the parameters to the next page:
  (previous page) ---> mypage.com/password
  if my in my password textitem I only have to put a valid number to go to next page, HOW CAN i AVOID THIS TO WORK:
  if I type the following in the Internet Explorer address bar: mypage.com/password(1234567)
  if by any chance that number is valid it will go to next page, how can I force and limit the page to send the parameter thru the TEXTITEM in the web, instead of both (the address bar and textitem)
  thanks

  Running a url as described: "mypage.com/password(1234567)", will fail after you patch mod pl/sql.
  If you run the url like this: "mypage.com/password?p_parameter1=1234567" will be the only way to call it.
  v3.0.9.8.4 of mod pl/sql is where this gets fixed but you really should be on v3.0.9.8.5.
  http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_id=188622.1&p_database_id=NOT
  This still doesn't fix your problem as you can look in the html code to find the name of the parameter and then create a url that will work.
  Use cookies with a session_id and store the session information in a table with the user information. Then you can build an xref table showing what the user has rights to.

• What do the globe and triangle with exclamation point mean on the URL bar and why do they sometimes change while surfing a page?

  I have always about this, as I've seen these more than once along multiple versions of Firefox. I'm well aware that the lock means the site is 'verified' though I don't know exactly what that entails. More recently, I've noticed that many websites either have the lock or else the globe with the markings on it which says that the connection to the site in question is 'unencrypted', but I don't know what that means. Sometimes this will change between pages on the same website. What I find stranger is that sometimes a a single page on one site will go from the lock to the triangle with the exclamation point in it. Now from what I can tell, it means something similar to the globe, as they seem to both state the same basic thing, that the website doesn't supply identity information and the connection isn't encrypted. What I want to know is how and why this happens, and sometimes even while still on the same page. I've encountered this on three different versions of firefox. The 24 esr, 28.0, and version 34. (Not all on one computer, mind. Though I believe it's possible to have multiple instances of Firefox on the same machine as I know someone mentioned being able to do that on another thread and I'd love to know how that's done if anyone can answer it.) These versions of firefox were on 8.1, and two distinct versions of XP from two different machines. Is this an odd glitch, or is something else going on there and if so, how does one fix it? So far it's happened to me twice on my own computer, once on a fiction website, and as of tonight, once on youtube. On the former, the switch happened on a single page, while on Youtube it changed from one page on the search bar to the actual channel of something in question and back again. Closing out the tab and doing a quick clearing of history seemed to work fine on youtube. The fiction website, not so much, though I haven't seen the triangle thing come back again, as everything there seems to be the globe. So far anyway. However it has come up before on various computers in the past that I've used with various firefox versions, as I've said. Can anyone explain what this is and how to fix it if it is indeed a problem?

  ''jscher2000 [[#answer-707094|said]]''
  <blockquote>
  The green padlock means your connection is HTTPS (encrypted) and the certificate identifies a particular site operator. Certificate issuers demand special verification for the Extended Validation (EVSSL) certificate that generates a green padlock.
  The gray padlock means your connection is HTTPS (encrypted) but the certificate cannot establish the operator of the site one way or another. No special identification is required to get this certificate.
  The exclamation point triangle symbols may indicate that the connection is partially encrypted -- some content is the page was sent over an open connection -- or recently it may indicate that the site uses such easily cracked encryption that you should treat it as providing no protection.
  And the point of all this is?! Simply this: if your web traffic is ''not encrypted'', it can be read by others. That's why login pages and sites dealing in your personal or sensitive information should always show a padlock in the address bar. If it's not there, be concerned.
  If a normally secure site suddenly shows a mixed content icon, try reloading the page (Ctrl+r or to re-request fresh copies of cached files use Ctrl+Shift+r).
  </blockquote>
  As it happens, I have tried the refresh thing. It doesn't always work on sites where this sudden changeover occurs. The weird thing is that, again, this happens at random and I've seen it occur over multiple versions of firefox, past and present, so it's not just relegated to just the three main ones I have most recently seen it on.
  Now what makes this even stranger is that I have seen a few pages on the fiction website (www.fimfiction.net to be specific) where the grey padlock at the very least shows up on a page, but then suddenly will go to the triangle. Not all of these pages have mixed content or even any content at all beyond simple text. A few have pictures or clickable links, but I usually avoid clicking on the links if I don't know and trust the website. More recently though, the near-entirety of the site has gone to the globe, when before it was the grey padlock. I think the one thing that remains padlocked is its login section. Is it just that the website needs to update its certificates? If so, I can probably just send the site runner a message about that.
  I dunno what to do with youtube when it shows up though other than just closing out the tab it's on, clearing my browser history, and reopening the site. It happens rarely with youtube, but it's not unheard of, and it follows along every page on the site once it pops up in one page at all until I shut down that tab. And this is a multiple version thing. These are the two sites where I encounter the issue the most as it's one of only a handful of websites I go to aside from an image gallery which is typically very good about safety. Or as much as it can be, at any rate. The only other site I frequent, www.fanfiction.net (probably the oldest fiction website still active today, and not to be confused with fimfiction) has the grey padlock at all times, aside from when I log into the site. I've used the https: prefix most times when going to a site the first time, and firefox has typically then used that prefix anytime I just enter the general website address in the URL bar, but sometimes it doesn't. Is that partially responsible for why I have seen the padlock switch to the triangle sometimes? I know the link that cor-el posted says that by default from version 16 up, mixed content is blocked by default and I don't think I've ever touched that in the options section of the tools, so what exactly do I do here? Just ignore it, or just keep hitting refresh or what? It doesn't happen all the time, after all, but it does still get annoying.

• Bw web report plugin http session hangs at the server side

  Hi,
  I am having problems when closing the browser of a BW web report. After I closed the browser by going File->close, I ran SM04 and found out the Plugin HTTP session hangs at the server side.
  How can we terminate the Plugin HTTP session at the server side when user closes the internet browser?
  I did implement a logoff function at my web template, if user clicks on the logoff, the Plugin HTTP session is terminated at server side correctly. But As you know, 50% of time user will close the report by closing the internet browser instead of clicking the logoff. That leaves lots of hanging Plugin HTTP sessions at our server side.
  By the way, we actived our BEX service at the SICF.
  Thanks for help!
  JA

  Hi
  If you want to avoid a blank page with logoff button, add opener=0
  <a href="<SAP_BW_URL CMD='LOG_OFF' ~command='logoff'
  >" onClick="javascript:window.close(opener=0);">Log off</a>
  If you want to close the session via X, use this code:
  create a sapscript function
  function closeSession()
  logoff()
  window.unload=CloseSession()
  However, the Plugin HTTP session isn't killed.
  Regards

• I'd like to save the URLs of the group of pages tabbed in one particular FF window to be reloaded en masse when I use FF again some time in the future

  I have a lot of browser tabs currently and I will not have finished using them by the time I next reboot, shutting down Firefox. On the other hand there are too many to fit neatly in one FF window so I've opened a 2nd window and moved a bunch over. Now I want to know how I can make sure FF will remember all the tab URLs when I start it again - and how I can be sure it will load them up in separate windows as presently. Because I have a feeling it will just dump them all in the one window. But there's too many to make that useful! On Opera you can save a 'session' with a particular selection of tabbed URLs, under a particular name, and then reload that session later. You can even start up several past sessions as separate windows at the same time. In that way you can select which groups of previous tabs you want to recall when. I'd like that in Firefox but I can't see anything to create it. :) What will happen for instance when I close the two current windows before rebooting? I suspect I will lose the record of the URLs in the window that is closed first, and only those of the 2nd to be recalled will come back when re-starting it. Basically there needs to be a "Save Group of Tabs" option on the File menu near "Save Page As...". On the other hand maybe this facility already exists and I just don't know how to find it?

  Take a look at [https://addons.mozilla.org/en-US/firefox/search/?q=Session&cat=all&lver=any&pid=1&sort=&pp=20&lup=&advanced= these extensions at AMO] for those features.

• Is it possible to change the URL of an application?

  Hi All,
            I was working with the oracle apex and created few applications almost a year back, due to my higher studies there is a gap with the tool..and finally I am in.
  Am planning to create an application which will be similar like a personal website.My doubt here is ..whether it's possible to change the URL by keeping a simple one which includes my name also
  instead of having this big..
  http://apex.oracle.com/pls/apex/f?p=10221:1:116416608594529
  I can understand that the whole URL describes the appln no,page no and session ID but its my doubt possible or not..If possible then how to proceed?
  Thanks
  with Regards,
  Ramya.

  My doubt here is ..whether it's possible to change the URL by keeping a simple one which includes my name also
  instead of having this big..
  http://apex.oracle.com/pls/apex/f?p=10221:1:116416608594529
  I can understand that the whole URL describes the appln no,page no and session ID but its my doubt possible or not..If possible then how to proceed?
  If you are just looking for a nice and short URL to start your application, why not just use a URL shortener service like goo.gl ?
  Just put in your long URL and it will create a nice and short URL for you... for example, the above URL is now http://goo.gl/FijYxn
  - Morten
  http://ora-00001.blogspot.com

• I need to add the values stored in the session object into the html textbox

  Dear Sir,
  i have been trying to create an edit employee details page
  What i have done till now is as follow:
  1. Got employee id from HTML page.
  2. Compared it with the id stored in the database.
  3. If the id is correct then pulled the record of the corresponding employee and stored it in the session object.
  4. Dispatched the session values to another servlet EditEmpDetails2.java
  what i need to do now
  5. Now i need to set the session values in the text field of the html form
  6. I also need to be able to edit those vales and store the edited values in the database.
  Please help me as i have tried doing it for 1 week without any clues
  i have tried to create a html page which is something like this:
  <html>
  <head>
  <title>Edit Employee Details Page</title>
  <body BGCOLOR="red" text="black">
  <h1 ><font color="black">Edit Employee Details Page</font></h1>
  <form action = "EditEmpDetails" method="Get">
  <table width="50% align="center"
  <tr><td>Employee ID: </td>
  <td><INPUT TYPE="TEXT" name="employeeid"<br></td></tr>
  <tr><td><center><input type="submit" value="submit"></center></td></tr>
  <tr><td><center><input type="reset" value="reset" ></center></td></tr>
  </table>
  </form>
  </body>
  </html>
  design of my servlet EditEmpDetails.java
  public void EditEmpDetails1 extends HttpServlet
  public void doGet(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException
  PrintWriter out = response.getWriter();
  response.setContentType("text/html");
  HttpSession session = request.getSession();
  String employeeid;
  String X = request.getParameter("employeeid");
  System.out.println("Employee iD:" + X);
  Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
  Connection con = DriverManager.getConnection("jdbc:odbc:murphy");
  String query = "Select * from users where employeeid=?";
  PreparedStatement stat = con.prepareStatement(query);
  System.out.println(stat);
  stat.setString(1,X);
  ResultSet rs = stat.executeQuery();
  while(rs.next())
  String Z = rs.getString(password);
  if(Z.equals(X))
  String A = rs.getString(1);
  session.setAttribute("employeeid", A);
  String B = rs.getString(2);
  session.setAttribute("firstname", B);
  String C = rs.getString(3);
  session.setAttribute("lastname", C);
  String D = rs.getString(4);
  session.setAttribute("gender", D);
  String E = rs.getString(5);
  session.setAttribute("dateofbirth", E);
  String F = rs.getString(6);
  session.setAttribute("address", F);
  String G = rs.getString(7);
  session.setAttribute("postalcode", G);
  String H = rs.getString(8);
  session.setAttribute("phone", H);
  String I = rs.getString(9);
  session.setAttribute("mobile", I);
  String J = rs.getString(10);
  String url = "/EditEmpDetao;s.java";
  RequestDispatcher dispatcher = getServletContext().getRequestDispatcher(url)
  dispatcher.forward(request,response);
  catch (Exception e)
  system.out.println(e)
  I do not know how to put the values stored in the session object into the html text box

  3. If the id is correct then pulled the record of the corresponding employee and stored it in the session object.do you really need to store this in session object?
  5. Now i need to set the session values in the text field of the html form which form? in a new html/jsp page? i suggest go for a JSP
  In your JSP page use JSP expression tags to put the session attributes.
  it's something like : <input type='text' name='employeeid' value='<%= session.getAttribute("employeeid") %>' >and you need to generateanother servlet for saving the details/modifications to the database.
  I think i m clear enough.
  if you need more clarifications. just try it and then post your problem.
  Diablo

• Bookmark a page with username/password in the URL

  I can add username/password for HTTP authentication directly to the URL (e.g. http://user:[email protected]/ ) and this works fine with the browser on Firefox OS 1.3 (on a ZTE Open C). However, when bookmarking that page, the bookmark doesn't include the username/password any more and so I'll have to manually enter the username/password when visiting that site again (after clearing private data) - and unfortunately there is no password manager for Firefox OS yet...
  Another way to add a bookmark appears to be via a small Javascript using the "save-bookmark", however that appears to only give me the option to add the bookmark to the Home Screen (and I am not sure if it will keep the username/password information in the bookmarked URL).
  Is there any other way to add a bookmark to the browser and keep the username/password information in the URL?

  Here is an example:
  http://user1:[email protected]/auth-basic/
  Works fine if you enter that URL in the URL bar. But when bookmarking it, it only gets bookmarked as http://test.webdav.org/auth-basic/ and so you will have to enter username and password again (after clearing cookies and session data) when opening from bookmarks.

• How to open the url in a new tab of the Browser

  Hi ,
  Am using jdev 11.1.1.2.1
  I have a commandLink in a jsff page and on click of that i want to open a new tab with the url given in the action listener.
  I have the action listener code below:
  FacesContext fctx = FacesContext.getCurrentInstance();
  ExternalContext ectx = fctx.getExternalContext();
  Url="/faces/Home.jspx";
  ectx.redirect(Url);
  For now it is redirecting in the same window and so wen i press the back button in the browser the session gets invalidated ,
  so i want to open it in a new tab.
  Please help.
  Thanks,
  Hari
  Edited by: Hari on Oct 15, 2012 2:23 AM

  Hi,
  You can try using "goLiink" and then use the property targetFrame set to "_blank"; below are some for ur references:
  targetFrame          
  _blank: The link opens the document in a new window.
  _parent: The link opens the document in the window of the parent. For example, if the link appeared in a dialog window, the resulting page would render in the parent window.
  _self: The link opens the document in the same page or region.
  _top: The link opens the document in a full window, replacing the entire page.
  Thanks,
  Pandu