[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 297
  • Last Modified:

configure JSESSIONID

Hi,

I have seen in many application where after the url there is string appended "JSESSIONiD".
what are the steps to configure "JSESSIONID" in tomcat?
0
Rocking
Asked:
Rocking
  • 5
  • 4
1 Solution
 
rrzCommented:
what are the steps to configure "JSESSIONID" in tomcat?
If the client does not allow a session cookie, then url rewriting can be used. Each link to your web app that is sent to the client must be encoded using HttpServletResponse's  encodeURL or encodeRedirectURL methods.  Please use this demonstration code. You can block cookies in Google's Chrome browser.  
<%
  String url = request.getContextPath() +  request.getServletPath();
  String encodedURL = response.encodeURL(url);
  if(session.getAttribute("numberOfRequests") == null)session.setAttribute("numberOfRequests", 0);
  session.setAttribute("numberOfRequests", (Integer)session.getAttribute("numberOfRequests") + 1); 
%>
The session id is ${pageContext.session.id}<br/>
Is the session new? ${pageContext.session['new']}<br/>
Did the client send the session id in the url? ${pageContext.request.requestedSessionIdFromURL}<br/>
Did the client send the session id in a cookie? ${pageContext.request.requestedSessionIdFromCookie}<br/>
URL of this page is <%=url%><br/>
Encoded URL is <%=encodedURL%> <br/>
Number of requests in this session is ${numberOfRequests}<br/>
Use the links below to refresh this page.<br/>
<a href="<%=url%>">Not encoded request</a>&nbsp;&nbsp;&nbsp;<a href="<%=encodedURL%>">Encoded request</a>

Open in new window

0
 
RockingAuthor Commented:
are there any configuration in server also for jsession id?
0
 
rrzCommented:
You could set the <session-timeout> in your web app's web.xml  .   But the session tracking mechanisms are built-in.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
RockingAuthor Commented:
I mean to say other than coding is there any way for configuring jsession id in tomcat?
0
 
rrzCommented:
What properties do you want to configure?  Are you talking about the tracking mechanisms?
0
 
RockingAuthor Commented:
yes
0
 
rrzCommented:
I mean to say other than coding is there any way for configuring jsession id in tomcat?
No. It is like I posted above here. Did you try my demonstration JSP? If you don't encode your links, then url rewriting won't work. If the client uses a session cookie, then Tomcat won't use url rewriting. When the session is new, Tomcat uses both because it doesn't know whether the client will accept the cookie. Please try my demonstration JSP.
0
 
RockingAuthor Commented:
If the client does not allow a session cookie
In case client allows cookie then what is the procedure?
0
 
rrzCommented:
In case client allows cookie then what is the procedure?
If the client allows a session cookie, then the programmer doesn't have to do anything to track the session. In a JSP, the session is automatically created. The programmer would have to purposely prevent creation of a session by adding session="false" to the page directive. A JSP can access the implicit variable named session.  In a Servlet, the programmer must purposely create the session. The HttpServletRequest class has methods to create and access  the session.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now