Hi Bill,

In my case, I can't use taglibs since I am generating the code dynamically.
But even if I could use taglibs, then part of what the taglib does is really
using response.encodeURL("second.jsp") to do the URL rewriting without you
having to worry about it. So, I think the ultimate answer is that yes, I
need to do URL rewriting for each individual link in my server manually if I
want user connections to have a session associated with them; any link that
I don't do this for, and the user clicks on will cause the session to be
lost. And as a result, there is no magic switch that Tomcat or any filter
has that I can turn on to have this automatically done. This is really what
I want to know, that there is no magic switch that I am missing on.

The problem is that I have thousands of links in my pages, and now I have to
go in and change each one of them so that they do URL rewriting in case the
user's doesn't allow cookies.

Am I correct in assuming that there is no magic switch in Tomcat or anywhere
to have url rewriting done for me?

By the way, I know that I can write a servlet filter that would parse the
response being sent to the user and do URL rewriting for any link in the
response, but I think that is considered a bad practice since then every
link will have the jsessionid with it. Suppose I am linking to
www.yahoo.com which is outside my application, then the jsessionid will be
associated with that link as well which someone had mentioned it is not a
safe practice.

Thanks,
Kasra






----- Original Message -----
From: "Bill Barker" <wbarker@(protected)>
To: <users@(protected)>
Sent: Wednesday, January 03, 2007 11:51 PM
Subject: Re: URL rewriting For Session Tracking


> Usually you would use a tag lib for this sort of thing. With struts, it
> would look something like:
> <html:a href="second.jsp">second page </html:a>
>
> <jobs@(protected)
> news:00d501c72fc8$1cb11340$3c34de0a@(protected)...
>> Your reply answered another question that I had. But I think I still
>> haven't described my current question clearly. suppose I have 3 JSP
>> pages in my application.
>> --
>> first.jsp
>> second.jsp
>> third.jsp
>> --
>> Now, in my first.jsp, I have nothing but 2 links to the other two JSP
>> pages. If I want the session to be maintain when use clicks on the links
>> to go to the other pages, then can first.jsp be the following:
>> --
>> <a href="second.jsp">second page</a>
>> <a href="third.jsp">third page</a>
>> --
>> Or, the code in first.jsp must be the following:
>> --
>> <a href='<%=response.encodeURL("second.jsp")%>'>second page</a>
>> <a href='<%=response.encodeURL("second.jsp")'%>>second page</a>
>> ----
>>
>> Note: If I use the first syntax, then unless Tomcat or some patch or
>> filter parse the code and add the jsessionid to the link automatically,
>> then the user will be losing the session when to goes from first.jsp to
>> the other ones. And that's my question; can I use the first syntax. Or
>> there is no way but to use the second syntax if I want the session to be
>> kept.
>>
>>
>> Thanks,
>> Kasra
>> ----- Original Message -----
>> From: "Caldarale, Charles R" <Chuck.Caldarale@(protected)>
>> To: "Tomcat Users List" <users@(protected)>
>> Sent: Wednesday, January 03, 2007 9:56 PM
>> Subject: RE: URL rewriting For Session Tracking
>>
>>
>>> From: jobs@(protected)]
>>> Subject: Re: URL rewriting For Session Tracking
>>>
>>> Basically I have a webapp and I want to have a session
>>> for each user that connects to my server (just the usual
>>> servlet session that is created with jsessionid). Do I
>>> have to wrap every link that I have in my webapp with an
>>> Httpservletresponse.encodeURL()?
>>
>> No. As I recall, Tomcat will not create a session automatically unless
>> it's absolutely necessary (e.g., tracking authenticated users) or the
>> application requests it. I'm not aware of any config parameter that
>> will force creation of sessions for all clients, but all you should have
>> to do is put the following somewhere in the request processing path of
>> each servlet:
>>     request.getSession(true);
>>
>> This doesn't need to go into your servlet or JSP code - you can write a
>> simple filter class that does nothing but run the above code to force
>> the creation of a session if one doesn't already exist. The filter
>> mapping can go into conf/web.xml so it will apply to all apps deployed
>> within your Tomcat instance, or in each appropriate webapp's web.xml
>> file.
>>
>> Note that per the servlet spec, Tomcat will use cookies not URL
>> rewriting for session tracking; it will fall back to URL rewriting if
>> the client refuses cookies. You can also disable use of cookies by
>> setting cookies="false" in your <Context> elements (or the global
>> conf/context.xml file).
>>
>> - Chuck
>>
>>
>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
>> MATERIAL and is thus for use only by the intended recipient. If you
>> received this in error, please contact the sender and delete the e-mail
>> and its attachments from all computers.
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@(protected)
>> To unsubscribe, e-mail: users-unsubscribe@(protected)
>> For additional commands, e-mail: users-help@(protected)
>>
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@(protected)
>> To unsubscribe, e-mail: users-unsubscribe@(protected)
>> For additional commands, e-mail: users-help@(protected)
>>
>>
>
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@(protected)
> To unsubscribe, e-mail: users-unsubscribe@(protected)
> For additional commands, e-mail: users-help@(protected)
>
>


---------------------------------------------------------------------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)