OTA Provisioning - Midlet-Install-Notify session tracking / URL rewriting

Hi all,
While developing an OTA provisioning platform, I got stuck at the nearly end of solution(User Tracking), hopefully a small thingy for you.
Now looking for a solution/help/advice (Thanx). The details are
I am developing an OTA Provisioning platform for Java Games . Herez the flow:
-> End User (Client) requests a content by entering his mobile no. via website
-> Server sends a WAP PUSH (Binary SMS) to his mobile.
-> When User opens the WAP PUSH (SMS), it will connect via GPRS to the server and start retrieving the game ( I am using Servlet to stream the JAD File)
-> Then it will retrieve JAR file (path defined in JAD file)
-> I have defined:
MIDlet-Install-Notify: http://myserver.com/content?323
in JAD File. So after Installation the Mobile handset connects the URL specified. I am then grabbing the status code i.e 900 or 901 ....
Problem:
User Tracking: I am not able to track the user for billing purpose e.g there are number of users each having unique Ids. When they download the content the Install-Notify connects to servlet but i am not able to distinguish among users as i am not able to dynamically assign User ID to MIDlet-Install-Notify URL in JAD File.
I am in now in real trouble. If any one knows the solution how to maintain session or URL rewriting i.e dyanmically assign Parameters to MIDlet-Install-Notify plz share it.
Thanks in advance
cheers
Hamid
[email protected]

Actually, this is not too hard: all you need is a server generating or at least processing the JAD-files. Then you can process the JAD file before it gets downloaded to the mobile device and add a parameter with the unique ID. Send this unique ID with each request of the MIDlet, and your done...
Code obviously depends heavily on your server technolgy and application architecture (e.g. database used etc.), on the MIDlet-side you need MIDlet.getAppProperty(String propertyName) (instance method of MIDlet).
Hope this helps,
david

Similar Messages

Help In MIDlet-Install-Notify

Hi All
I use Microsoft Framework 1.2 to develop mobile pages, obviously Microsoft.Net
My Problem is how do i retrieve the value posted by MIDlet-Install-Notify? How it will respond back to the URL I specify (mean in wat way), if possible Logic/Script either in Java or .Net for the page the value is posted. Wat are all the server values to be captured? Wats value u guys capture in java? How do u guys perform this?
Please Help Me
Thnx in Advance.

MIDP 2.0 only.

If user disable cookie how to set and use session with URL Rewritting

if user disable cookie how to set and use session with URL Rewritting by append session ID in url

If cookies are disabled, then app server will automatically try to use URL rewriting for session control. Programmer's responsibility is to encode any links or redirects using
response.encodeURL("/yourPage.jsp")
and
response.encodeRedirectURL("/yourPage.jsp")
See API for details
http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpServletResponse.html#encodeURL(java.lang.String))

Unable of keep session using url rewriting tomcat

Hi everybody,
I have an application which communicates with a servlet. I am trying to use session tracking for my midp application with the url rewriting technique because of simplicity. I have tomcat 4.0.3 and MIDP 2.0. I had forced the use of url rewriting including this line into the server.xml file from tomcat:
<Context path="/webappname" debug="0" cookies="false" docBase="webappname"/>
This should force url rewriting, but when i call the method encodeURL in my servlet i only get a void
string. I know this isnt the best forum for this, but i have to try ;-). Any suggestion? all comments will be wellcomed, but please i dont want to use cookies and the rms api.
Thanks.

Are you aware that the MIDlet's networking won't support cookies or redirections automatically, and that you have to code that yourself: reading the "set-cookie" header and saving it for later, or catching redirection response codes (3xx) and changing the url accordingly?
Check out these tutorials:
http://www.javaworld.com/javaworld/jw-04-2002/jw-0426-wireless.html
http://developers.sun.com/techtopics/mobility/midp/articles/servlets/
shmoove

MIDlet OTA provisioning

How do I read the status code after MIDlet installation using the URL put against the parameter MIDlet-Install-Notify? My jad file has -
MIDlet-Install-Notify: http://127.0.0.1:8080/examples/jsp/MidletJsp/MidletJsp.jsp
in the above jsp, I have the code as :
<% out.print(request.getParameter("status")); %>
but the status does not get displayed.
Can anyone please tell me how to access the status?
Any good pointers to source of information would be welcome as well.
Thanks in anticipation.
Harsha

/*** Code to read the MIDlet-Install-Notify status codes ****/
 char[] body = new char[request.getContentLength()];
 int count = request.getReader().read(body);
 String status = new String(body,0,count);
 System.out.println(status );
[/code]
/***** Output ***/
 900 Sucess
 Important: Looking a solution for the following problem:
I am developing an OTA Provisioning platform for Java Games . Herez the flow:
-> End User (Client) requests a content by entering his mobile no. via website
-> Server sends a WAP PUSH (Binary SMS) to his mobile.
-> When User opens the WAP PUSH (SMS), it will connect via GPRS to the server and start retrieving the game ( I am using Servlet to stream the JAD File)
-> Then it will retrieve JAR file (path defined in JAD file)
-> I have defined:
 MIDlet-Install-Notify: http://myserver.com/content?323
in JAD File. So after Installation the Mobile handset connects the URL specified. I am then grabbing the status code i.e 900 or 901 ....
Problem:
 User Tracking: I am not able to track the user for billing purpose e.g there are number of users each having unique Ids. When they download the content the Install-Notify connects to servlet but i am not able to distinguish among users as i am not able to dynamically assign User ID to MIDlet-Install-Notify URL in JAD File.
I am in now in real trouble. If any one knows the solution how to maintain session or URL rewriting i.e dyanmically assign Parameters to MIDlet-Install-Notify plz share it.
Thanks in advance
Hamid
[email protected]

Sessions, URL Rewriting, and Cookies

First some background, then some questions:
 BACKGROUND
 I have written an application framework to use with JSP/EJB/Servlet
 based applications. This framework does URL rewriting
 (response.encodeUrl) for all URLs generated by the application, and I
 have URL-based session support turned on in WebLogic.
 Despite the fact that my browser is set to support cookies on my test
 machines, I have noticed that intermittently the URL rewriting to
 support session IDs kicks in. Then, later, it goes away again. This
 would seem to indicate that the client browsers are (for no apparent
 reason) deciding to occasionally not support sessions with cookies, so
 that the server has to step in and do URL writing instead.
 QUESTIONS
 1. Has this sort of behavior been reported by anyone else?
 2. Is there a servlet/JSP API anywhere that I can call on a per-HTTP
 transaction basis to see if the browser that is participating in the
 transaction is at that moment supporting cookies?
 3. There are times when my framework needs to delete a cookie by setting
 its maxAge to 0. Most of time time this works, but (as with the session
 ID/URL rewriting above) occasionall the cookie does not get deleted on
 the client brower machine. This screws up some of the application logic
 that I have in the framework. Is this related to the problems listed
 above?
 CONCLUSION
 Any and all information is appreciated, from anyone. Thanks!
 Chris


 Hi,
 To answer your question #1, yes I have seen this behaviour, and
 the explanation I feel is as follows.
 1] You access a resource on WL Server & it starts a session, at
 this moment it is not sure whether the browser supports cookies
 so it uses both methods, URL Writing & cookies to store the session
 ID
 2] On the next request, it tries to read the cookie, if it is able
 to read it that means cookies are enabled and there is no need
 to continue with URL Rewriting else it continues wioth URLRewriting.
 To answer Question #2, you can follow a procedure similiar to above
 to find out if browser supports cookies, ie set a cookie & in the
 next request try to read teh value.
 As far as Question #3 is concerned, try setting the magAge to -12
 hours insteda of 0 so that there is no problem even in case of
 a time difference.
 hope this helps
 Rahul
 Chris Dole <[email protected]> wrote:
 >First some background, then some questions:
 >
 >BACKGROUND
 >I have written an application framework to use with JSP/EJB/Servlet
 >based applications. This framework does URL rewriting
 >(response.encodeUrl) for all URLs generated by the application,
 >and I
 >have URL-based session support turned on in WebLogic.
 >
 >Despite the fact that my browser is set to support cookies
 >on my test
 >machines, I have noticed that intermittently the URL rewriting
 >to
 >support session IDs kicks in. Then, later, it goes away
 >again. This
 >would seem to indicate that the client browsers are (for
 >no apparent
 >reason) deciding to occasionally not support sessions
 >with cookies, so
 >that the server has to step in and do URL writing instead.
 >
 >QUESTIONS
 >1. Has this sort of behavior been reported by anyone else?
 >
 >2. Is there a servlet/JSP API anywhere that I can call
 >on a per-HTTP
 >transaction basis to see if the browser that is participating
 >in the
 >transaction is at that moment supporting cookies?
 >
 >3. There are times when my framework needs to delete a
 >cookie by setting
 >its maxAge to 0. Most of time time this works, but (as
 >with the session
 >ID/URL rewriting above) occasionall the cookie does not
 >get deleted on
 >the client brower machine. This screws up some of the
 >application logic
 >that I have in the framework. Is this related to the problems
 >listed
 >above?
 >
 >CONCLUSION
 >Any and all information is appreciated, from anyone. Thanks!
 >
 >Chris
 >

URL Session Tracking

Hi,
i want to make a group of JSP pages in a Web App, but assuming that the browser doesn't accept cookies.
Is there anyway that i don't have to indicate every link as
response.encodeUrl("index.jsp")I've heard something about a <url-session-tracking/> tag, but i've tried to put in the web.xml file, but it doesn't work.
I just want to put Index and the App Server takes care of putting the jsessionid info in front of the url
Thank you

Cancelling this question.

Always use URL Rewriting for session tracking?

All you JSP guru:
I am working on a JSP project that requires session tracking. I have successfully implements session tracking with both cookies or URL rewriting. I know that with the HttpSession object, it will always try to use cookie first, if that's disabled, then it'll automatically switch to URL rewriting. However, is there a way to force the HttpSession object to ALWAYS use URL rewriting instead of cookies? I have searched for an answer for a long time and haven't been able to found a solution. Is it possible at all? Thank you very much.

i was going to say that WebSphere always uses URL rewriting if you enable it at all, but someone beat me to it (indirectly) :-)
however, that seemed to me to be a violation of the spec, which seemed to imply the behaviour you're describing (only use URL rewriting if cookies are not supported on the current client)
here's a response someone else made on a websphere newsgroup to a statement in that regard:
I believe you are technically correct. However from my
experience, I think the spec if flawed in this area since
there is no reliable way of determining whether the
client browser supports cookies. The authority on
cookies (www.cookiecentral.com) says:
"To properly detect if a cookie is being accepted via
the server, the cookie needs to be set on one HTTP
request and read back in another. This cannot be
accomplished within 1 request."
This is asking too much of a servlet engine
implementation. Even if it did submit a request for this
purpose, the user could refuse the cookie. So
then technically the browser supports cookies, but the
servlet engine infers it doesn't. So if the servlet engine
infers the browser does not support cookies and so
encodes the URL, it is again out of spec because the
browser really does support cookies. By doing it
however encoding is configured makes things simpler,
robust, consistent and avoids the flaw.
My opinion.so, mostly i'm just rambling, but if you're using websphere, you should get the behaviour your boss wants. if you're using something else, i suppose there's a chance it'll "violate" the spec in this same, potentially helpful way.
btw, i remember somebody else complaining that URL rewriting is less secure than cookies, but i kinda think they're about equal. it seems like either could be intercepted by a sniffer and then used to spoof. but i'm no expert in that stuff...

How can I enable session(using url) tracking in home page

i am developing bidding application. How can I enable session(using url) tracking in home page ?
for example :
http://mydomine.com/index.jsp;jsessionid=4A38A4496F6862681DFD09CD6D648485.tomcat75
please help me.

Doubleposted. Please continue here: [http://forum.java.sun.com/thread.jspa?threadID=5308686&tstart=0]
In the future, do not use the back button to edit the message, but use the edit button instead. Otherwise you're reposting the form again. You should know that better as being a web developer.

How to Set URL-Based Session Tracking to No

Dear BSP Gurus
I am fairly new to BSP applications, but I am getting an error which goes "BSP exception: Access to URL /sap(bD1lbiZjPTEwMCZkPW1pbg==)/bc/bsp/sap/crm_ui_frame/ is forbidden" and notice some say they solved it by Setting URL-Based Session Tracking to No, so my question is how do I do that.
Unless off course there is another way to solve my problem. Would greatly appreciate it.
Awaiting your favorable response

Hey Raja and Rajani
I actually activated all the applications below SAP->BC->->SAP-> **(Application)*-> but still I am getting that error.
When I then test the individual applications I get errors like
"BSP Exception: Das Objekt default.htm in der URL /sap/bc/bsp/sap/bp_cont_main/default.htm?sap-client=100&sap-sessioncmd=open ist nicht gültig"
I really have run out if ideas, I need your assistance, initially I thought it cd be the logical link coz the work centres appear fine then I tried to assign even standard business roles, its giving the same error.
What do I do now?

WTK2.0 Beta 2.0 OTA provisioning

Trying to use OTA provisioning tool that came with WTK2.0.
I tried to install an application, go a message no midelt
found, check url. The host is correctly setup to serve
the jad and jar file. Thought I made some mistake in setting
up host, tried to download several apps already released commercially by other companies on the web and got the message for every such app.
Am I specifying url incorrectly? I tried giving url with ".jad" and without ".jad" extension. still no luck. Anybody has tried this can you please post the url that you enter exactly in test box?
for example I tried this url
http://www.innograte.com/mobile/midp/install/Dwindle.jad
the html file is here
http://www.innograte.com/mobile/midp/
can you install this game on your OTA app in wtk2.0 or any other url?

I got it working but..
One thing I have noticed just any page which
links to jad is not sufficent. You have to have
a page where there is nothing but simple link. I have
a html page with a table and inside one of the table
cell there is link to jad. It seems somehow it can't
parse the table formatting. When I created a simple html
file with nothing but link to jad file readily recongnized it.
Anybody has noticed this behaviour?

Disable non-SSL session tracking?

Hi, all,
I wonder if one can disable all session tracking in JSP's whenever SSL is not being used? I would like to turn off all cookie-setting and URL-rewriting and use SSL-session tracking only (if I use session-tracking at all on a given page). I also want to specify this behavior programmatically (inside my JSP's) and not in my server's config files.
I'm basically concerned that if my user leaves one of my HTTPS pages, they will still retain a non-secure cookie with their session information. This seems to be indeed the default behavior: when I run my tests and transition from an HTTPS page to an HTTP one, the browser does store a cookie. I know I can invalidate the session as the next step, but I'd rather have the cookie not being set altogether to begin with. Imagine the situation where the user leaves my HTTPS page for a totally different (HTTP) website: in this setting I won't get a chance to invalidate the session and delete the cookie.
Any ideas, therefore, on how to programmatically disable non-SSL session-tracking?
Thanks,
Dmitri.

I don't think you can do this programatically.
However I also don't think it is a problem.
Cookies are related to zone names aren't they?
http://mysite and https://mysite are two different
zones as far as cookies are concerned. One should
not be able to see the other.
It issues a new cookie for the http site you are just
navigating to. That cookie has nothing to do with
the secure site you just came from, and shouldn't be
able to tell them any info about the secure site.
I think you are worrying about something that isn't
really there.
What is your concern? That they pick up a JSESSIONID
from the cookie and can then pretend to be a
different user?Yes. A cookie is transmitted and stored unencrypted, I imagine (in any case, it should be more easily crackable than SSL). I wish Sun came up with an extension to the Session API where you would be able to explicitly specify which session-tracking protocols you want used and which ones you don't. At the moment their API abstracts and manages too much detail for you.
I mean, if my site is supposed to be secure while I'm using SSL, then you'd expect that no information about those secure sessions should leak outside the SSL protocol, wouldn't you say?

Looking for an expert on session tracking

I've got some session code running on RH linux using Apache and Tomcat. About 7% of my users experience a session variable not being present after a <jsp:forward> (or sendRedirect). I was thinking that it was related to cookies and how sessions are tracked, but I am using both the default cookie session tracking as well as URL re-writing; when I turn my browser's cookies off, I start seeing the jsessionid being used and everything still seems to work ok.
Is there anyone out there who might be willing to help me figure this pup out...why 7% of my users can't be tracked (session.getAttribute() doesn't find something that was placed into the session directly before the redirect/forward)?
/paul
[email protected]

OK, I've done a bunch of debugging. It appears all the folks who experience a "loss of session" have a URL with no parameters...even though I now parameters where passed.
Also, in some cases, the new URL that is being visited is accessed via either a <jsp:forward> or javascript's window.open.
Anyone know why some browsers might not pass parameters?

URL Rewriting Session ID Length in iPlanet Application Server

Hi there,
Does anyone know what the maximum length of the session ID value is when
using URL rewriting/encoding for session tracking (i.e.: ";jessionid=1234"
appended to the end of the URL) with iPlanet Application Server 6.0's
servlet container (or any previous versions)?
Does the length vary or is it fixed? And does WebSphere encode server or
failover information into the ID? WebLogic for instance, encodes the
primary and secondary failover servers into the ID when running in a
cluster)?
And finally, is there any way to restrict or specify the maximum length of
the session ID?
I ask this due to a limitation with some WAP clients & gateways which
prevents the URL from exceeding 128 characters.
Any info on this issue from iPlanet staff or anyone else is much
appreciated.
<background-info>
Please see the following links if you'd like some additional background:
http://e-docs.bea.com/wls/docs60/////wap/wapdev.html#1024984
under the heading "Session Tracking" at the bottom
http://groups.google.com/groups?hl=en&safe=off&th=eb7f38aa5086972e,13&seekm=
8gaki8%247d5%241%40newsgroups.bea.com#p
</background-info>
Regards,
Sasha Haghani

Sasha Haghani wrote:
Hi there,
Does anyone know what the maximum length of the session ID value is when
using URL rewriting/encoding for session tracking (i.e.: ";jessionid=1234"
appended to the end of the URL) with iPlanet Application Server 6.0's
servlet container (or any previous versions)?
I'm fairly certain that it is fixed. 18 for the attibute, 16 for the value, plus
1 for the equals. (Plus 1 for the ? if it didn't already exist.)
So 35 or 36 depending on how you count it. Someone needs to verify this and
check my counting though.
>
Does the length vary or is it fixed? And does WebSphere encode server or
failover information into the ID? WebLogic for instance, encodes the
primary and secondary failover servers into the ID when running in a
cluster)?I don't know what WebSphere does. iAS does not encode failover information in
the ID. Because of the way session is propogated, no server information needs to
be embedded in the id.
>
And finally, is there any way to restrict or specify the maximum length of
the session ID?No.

Oracle Forms Session Tracking mechanism

Hi,
In this doc http://www.oracle.com/technology/products/forms/pdf/10g/troubleshooting_fls.pdf we can read the following:
The JsessionID, which uniquely identifies a Forms session. The Forms Listener Servlet uses two session tracking mechanisms:
- Cookies, where the Servlet container sends a cookie to the client.
The client returns the cookie to the server upon each HTTP
request, thereby associating the session with the cookie.
- URL rewriting, where the Servlet container appends a session ID
to the URL path, for example:
http://host[:port]/forms90/l90servlet;jsessionid=a23445bcde89
Does this means that forms uses one of those, or uses both mechanisms simultaneous?
anyone?
Regards
Ricardo
Edited by: user12015527 on Mar 10, 2010 2:39 PM

duplicate post: Oracle forms session crashes.

OTA Provisioning - Midlet-Install-Notify session tracking / URL rewriting

Similar Messages

Maybe you are looking for