?
Solved

Problem with jsessionid on Tomcat 5.0 while using JSF

Posted on 2005-03-29
7
Medium Priority
?
1,830 Views
Last Modified: 2013-11-24
Hi All,

I am using JSF as a development framework for my web application. I am using Tomcat 5.0 as my web server.

I have following code in unauthrized.jsf page

<HTML>
      <%@ taglib uri="http://java.sun.com/jsf/core" prefix="f" %>
      <%@ taglib uri="http://java.sun.com/jsf/html" prefix="h" %>
      
        <HEAD>
            <TITLE> QJet - UnAuthorized Page </TITLE>
            </HEAD>

      <f:view>            
            <h:form>
                  <h:outputText id="organization-error" value="You are not Authorized to access the this Application.  Please contact the" />
                  <h:outputLink value="mailto:njet.admin@ntc.com">
                  <h:outputText value="Aviation Team" />
                  </h:outputLink>
                  <h:outputText value=" if you have any questions." />
            </h:form>
      </f:view>
</HTML>

As per my programming logi, when unauthorised person tries to access my application then he gets redirected to this page. If user clicks on this "Acitation Team" link, new mail opens with proper "njet.admin@ntc.com" address in "To: " textbox.
If user closes this new mail and copy the url from browser of this unauthorized.jsf page and closes the browser. Now if user opens a new browser and pests the url of unauthorized.jsp page, he is still see this message of "Avitation Team", but this time if he clicks on this "Avitation Team" link the new mail opens with weired emailid in "To :" box is  "njet.admin@ntc.com ;jsessionid=12346fdf32323sdsd34".

I can't undestand that why this address get changed and adds jessionid? Does the tomcat server maintains this session for previously logged in user? Is it a part of JSF framework?
Anybody has any suggestion then please let me know.

Thanks in advance!
0
Comment
Question by:jas123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 
LVL 29

Accepted Solution

by:
bloodredsun earned 400 total points
ID: 13660162
outputLink is used for rendering anchor tags <a>. One of it's abilities is for URL rewriting when session tracking by cookies is not enabled, just as th c:url tag does in JSTL. See here: http://216.239.59.104/search?q=cache:1YhtpzR80k8J:www.manning-source.com/books/mann/mann_chp4.pdf+outputLink+url+rewriting&hl=en&client=firefox-a

>> Does the tomcat server maintains this session for previously logged in user?
Depends on session time-out and whether you closed the browser completely.

>> Is it a part of JSF framework?
Which bit of the above
0
 
LVL 28

Expert Comment

by:rrz
ID: 13662199
I agree with bloodredsun's comments.  
> Now if user opens a new browser  
So, let's assume that now  session.isNew()  returns true.
In this case JSF doesn't know if client uses cookies yet. So it always sends the id in the first response.              rrz
0
 
LVL 29

Expert Comment

by:bloodredsun
ID: 13662732
>>So it always sends the id in the first response.

Shouldn't the request from the browser have a header telling the server that the browser accepts cookies? I suspect this may be an idiosyncrasy of JSF...
0
 
LVL 28

Expert Comment

by:rrz
ID: 13663048
>Shouldn't the request from the browser have a header telling the server that the browser accepts cookies?      
Maybe it should, but I don't think that it does(based on my google).         rrz
0
 
LVL 28

Expert Comment

by:rrz
ID: 14387641
I think I should get a few points here.     rrz
0

Featured Post

PowerShell Core for Advanced Linux Administrators

Understand advanced principals around Powershell Core with a focus on the Linux Administrator.  This course covers how to administer numerous environments across multiple platforms including Linux, Azure, AWS, and Google Cloud from a single shell instance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article is the first of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article explains our test automation goals. Then rationale is given for the tools we use to a…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
The viewer will learn how to implement Singleton Design Pattern in Java.
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question