Session Id is appended as URL path parameter in very first request

Splash Forums Rewrite Users Session Id is appended as URL path parameter in very first request

This topic contains 5 replies, has 3 voices, and was last updated by  Lincoln Baxter III 1 year, 10 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #18744

    RedShadow
    Participant

    Hey, this is probably somehow more a servlet issue rather than rewrite issue.

    On the very first request(make sure you have no cookies set at all) the session id is appended to the URL as path parameter. I know that this is a mechanism to safely ensure session availability, but I would like to turn that off since the session id in the URL is somehow ugly…

    Can you offer any rewrite rules to handle that?

    #23012

    You are right. This is the default behavior of a servlet container. If the client doesn’t include a cookie in the first request, the container cannot tell whether the client supports cookies or not. Therefore the container embeds the session id in the URL.

    But you can disable this in your web.xml using the session-config element:

    <session-config>
    <tracking-mode>COOKIE</tracking-mode>
    </session-config>

    I hope this helps. :)

    Christian

    #23013

    RedShadow
    Participant

    Well i am using the following:

    <session-config>
    <session-timeout>15</session-timeout>
    <cookie-config>
    <name>BLAZEPLATFORM_SESSION</name>
    <http-only>true</http-only>
    <secure>true</secure>
    </cookie-config>
    <tracking-mode>COOKIE</tracking-mode>
    </session-config>

    and also this in a servlet context listener:

    final SessionCookieConfig cookieConfig = event.getServletContext().getSessionCookieConfig();
    final Set<SessionTrackingMode> modes = new HashSet<SessionTrackingMode>();
    modes.add(SessionTrackingMode.COOKIE);
    event.getServletContext().setSessionTrackingModes(modes);
    cookieConfig.setHttpOnly(true);
    cookieConfig.setSecure(true);

    but it is still not working.

    I am using JBoss AS 7.1.0.Final

    #23014

    That’s strange. I think tracking-mode exists since Servlet 3.0. Did you set the version to 3.0 in your web.xml?

    Otherwise my guess would be that it’s a bug in AS7.

    #23015

    RedShadow
    Participant

    Of course I use 3.0. Probably you are right and that is a bug. Right now it is not such a big deal, but maybe in a few months. Any suggestions on how to overcome that bug with rewrite? With a smart rule that might be possible right?

    Where would you suggest to report that issue, on JBoss Web project?

    #23017

    Yeah, I would report it in the JBoss Web project, but I would first attempt to reproduce the issue *without* Rewrite in the project. Even better would be if you could reproduce it with an Arquillian test case and attach that to the issue report.

    https://issues.jboss.org/browse/JBWEB

    Not sure how to work around this with Rewrite. We may need to change the order of some code in HttpRewriteWrappedResponse.encodeURL() in order to make this possible.

    Ideas welcome.

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

Comments are closed.