Solved

Mod Rewrite rules to remove session id

Posted on 2006-11-07
8
2,584 Views
Last Modified: 2008-01-16
Hi everyone, I'm having a difficult time stripping out session id's from our urls.  We no longer generate session ID's in the url, however we have a lot of links out there with them still in the url.  We need to strip them for those people coming in so that google no longer hates us.

Here is a typical URL:  http://www.domain.com/home/contact_us.jsp;jsessionid=cThW1ZRbzXZ4

I need to rewrite that so that it goes instead to: http://www.domain.com/home/contact_us.jsp

And unfortunately, it is not for this single page, but rather for every page we host.. therefor we need a wildcard match for ANY page with sessionid to send them to the correct page.

We are using Apache 1.3.37 on Fedora.

Thanks!
0
Comment
Question by:nstephens
8 Comments
 
LVL 4

Expert Comment

by:Tol_cv
ID: 17896900
try :

RewriteEngine on
RewriteRule ^(.*);jsessionid=(.*)$    $1 [L]
0
 
LVL 16

Expert Comment

by:HackneyCab
ID: 17899497
Is that meant to be a semicolon? I thought query strings had to begin with a question mark? According to the definition of a URI, that is.
0
 

Author Comment

by:nstephens
ID: 17900282
Yes it is meant to be a semilcolon.  It is how the resin java server works by default, I suppose.

Tol_cv, I have tried your rule in the following methods, but to no avail.  the page still comes up with the jsessionid shown.  My understanding is that [L] means "this is the last rule", so I tried it a few different ways, as shown below:

        RewriteEngine on
        RewriteRule ^(.*);jsessionid=(.*)$ $1 [L]
        RewriteOptions inherit

        RewriteEngine on
        RewriteRule ^(.*);jsessionid=(.*)$ $1 [L,PT]
        RewriteOptions inherit

        RewriteEngine on
        RewriteRule ^(.*);jsessionid=(.*)$ $1 [PT]
        RewriteOptions inherit
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 27

Expert Comment

by:caterham_www
ID: 17951491
> the page still comes up with the jsessionid shown

Your rule will rewrite an incomming request of foo;jsessionid=bar to foo, but this will not change the browser's address bar. You must use the R flag In order to change it, and provide an URL-path in the substitution (in directory context your $1 subst. would result in an local filepath without the RewriteBase directive)

The PT flag is only relevant in per-server context (httpd.conf, outside of <directory> sections) for internal rewriting, but anyway I don't know where (=in which context) you're using the rules.

RewriteEngine on
# we do not expect an other ';' in the pattern
RewriteRule ^/([^;]+);jsessionid /$1 [R=301,L]

in order to get this working in directory context (e.g. .htaccess files), remove the leading slash in the rule-pattern (->  ^([^;]+);jsessionid  )
0
 

Author Comment

by:nstephens
ID: 17951553
I attempted your suggestion, but it also failed to work.. my httpd.conf entry looks like such:

        RewriteEngine on
        RewriteRule ^/([^;]+);jsessionid /$1 [R=301,L]
        RewriteOptions inherit

Perhaps this is because the url looks like http://www.domain.com/home/contact_us.jsp;jsessionid=cThW1ZRbzXZ4 (with =[characters]) ?

I don't suppose theres any good log functionality that allows you to see how/when rewrite rules are being used?
0
 
LVL 27

Accepted Solution

by:
caterham_www earned 500 total points
ID: 17954653
That should match. It doesn't matter what comes right to jsessionid, because the RegEx is left open to the right side and would match anything.

You can track the rewriting process with a RewriteLog, using the directives rewriteLog and RewriteLoglevel, e.g.

Rewritelog logs/rewrite.txt
Rewriteloglevel 5
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

As Wikipedia explains 'robots.txt' as -- the robot exclusion standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a websit…
Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now