Hi Reinhard Pilz,
Could you send me your SessionInterceptor class, please. I experienced
some problems implementing this class by myself and I have a project
waiting for me. My constraint is not to use Cookies, so I tried to
remove them but I failed :( I looked in the source codes, but I didn't
figure out how can I be "Cookies-free" :)
Here is the code of my MySessionInterceptor (that didn't work):
=======================================================
package dacian.test.cookies;
import org.apache.tomcat.core.*;
import org.apache.tomcat.util.*;
import java.io.*;
import java.net.*;
import java.util.*;
import javax.servlet.http.*;
public class MySessionInterceptor extends
org.apache.tomcat.request.SessionInterceptor {
// GS, separates the session id from the jvm route
static final char SESSIONID_ROUTE_SEP = '.';
protected int debug = 0;
protected ContextManager cm;
protected Vector sessionIDs = new Vector();
protected Vector httpSessions = new Vector();
public MySessionInterceptor() {
super();
}
public int beforeBody(Request rrequest, Response response) {
String reqSessionId = response.getSessionId();
if (debug > 0)
cm.log("Before Body " + reqSessionId);
if (reqSessionId == null)
return 0;
// GS, set the path attribute to the cookie. This way
// multiple session cookies can be used, one for each
// context.
String sessionPath = rrequest.getContext().getPath();
if (sessionPath.length() == 0) {
sessionPath = "/";
}
// GS, piggyback the jvm route on the session id.
if (!sessionPath.equals("/")) {
String jvmRoute = rrequest.getJvmRoute();
if (null != jvmRoute) {
reqSessionId = reqSessionId + SESSIONID_ROUTE_SEP + jvmRoute;
}
}
String sig = ";jsessionid=";
int foundAt = -1;
if (debug > 0)
cm.log(" XXX RURI=" + rrequest.getRequestURI());
if ((foundAt = rrequest.getRequestURI().indexOf(sig)) != -1) {
reqSessionId = rrequest.getRequestURI().substring(foundAt +
sig.length());
// rewrite URL, do I need to do anything more?
rrequest.setRequestURI(rrequest.getRequestURI().substring(0,
foundAt));
reqSessionId = validateSessionId(rrequest, reqSessionId);
if (reqSessionId != null) {
rrequest.setRequestedSessionIdFromURL(true);
}
}
return 0;
}
public int requestMap(Request request) {
String sessionId = null;
String sig = ";jsessionid=";
int foundAt = -1;
if (debug > 0)
cm.log(" XXX RURI=" + request.getRequestURI());
if ((foundAt = request.getRequestURI().indexOf(sig)) != -1) {
sessionId = request.getRequestURI().substring(foundAt + sig.length());
// rewrite URL, do I need to do anything more?
request.setRequestURI(request.getRequestURI().substring(0, foundAt));
sessionId = validateSessionId(request, sessionId);
if (sessionId != null) {
request.setRequestedSessionIdFromURL(true);
}
}
return 0;
}
public void setContextManager(ContextManager cm) {
this.cm = cm;
super.setContextManager(cm);
}
public void setDebug(int i) {
debug = i;
super.setDebug(i);
}
// XXX what is the correct behavior if the session is invalid ?
// We may still set it and just return session invalid.
/** Validate and fix the session id. If the session is not valid return
null.
* It will also clean up the session from load-balancing strings.
* @return sessionId, or null if not valid
*/
private String validateSessionId(Request request, String sessionId) {
// GS, We piggyback the JVM id on top of the session cookie
// Separate them ...
if (debug > 0)
cm.log(" Orig sessionId " + sessionId);
if (null != sessionId) {
int idex = sessionId.lastIndexOf(SESSIONID_ROUTE_SEP);
if (idex > 0) {
sessionId = sessionId.substring(0, idex);
}
}
if (sessionId != null && sessionId.length() != 0) {
// GS, We are in a problem here, we may actually get
// multiple Session cookies (one for the root
// context and one for the real context... or old session
// cookie. We must check for validity in the current context.
Context ctx = request.getContext();
SessionManager sM = ctx.getSessionManager();
if (null != sM.findSession(ctx, sessionId)) {
sM.accessed(ctx, request, sessionId);
request.setRequestedSessionId(sessionId);
if (debug > 0)
cm.log(" Final session id " + sessionId);
return sessionId;
}
}
return null;
}
}
=======================================================
Reinhard Pilz wrote:
>
> You can download the source of tomcat:
> http://jakarta.apache.org/builds/tomcat/release/v3.1/src/
>
> You'll need jakarta-ant.zip as it is the compiler for jakarta-tomcat.zip
>
> > -----Original Message-----
> > From: A mailing list about Java Server Pages specification and reference
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Dacian-Virgil Hantig
> > Sent: Friday, June 09, 2000 18:38
> > To: [EMAIL PROTECTED]
> > Subject: Re: Cookies in Tomcat
> >
> >
> > Hi,
> > Could you tell me where did you find source codes or other
> > documentation about Tomcat's implementation ?
> >
> > > Unfortunately Tomcat3.1 only implements session tracking by
> > cookies (As I
> > > understood when I studied the source code).
> > > I had the same problem and extended Tomcat by myself. I wrote a new
> > > SessionInterceptor and registered it in /conf/server.xml.
> > > Up to now I haven't experienced any side effects.
> > >
> > > reinhard pilz
> > >
> > > > -----Original Message-----
> > > > From: A mailing list about Java Server Pages specification
> > and reference
> > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Dacian-Virgil Hantig
> > > > Sent: Friday, June 09, 2000 14:10
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Cookies in Tomcat
> > > >
> > > >
> > > > Hi everybody,
> > > >
> > > > I'm experimenting some problems with Cookies in Tomcat. In
> > > > Documentation is written that the usage of cookies or URL Rewriting is
> > > > transparent for the user, but my program DOESN'T work if I
> > have Cookies
> > > > Prompt and I click to the No when the browser asks me if I want a
> > > > Cookie. I can't use cookies (BOSS' REQUEST :)!
> > > > The cookie in question is the JSESSIONID, probably is the SessionID
> > > > from the HttpSession, because without this cookie my session goes to
> > > > hell ... and back :) ... and all my beans are instantiated again, and
> > > > all my values are lost :(
> > > >
> > > > What can I do? Every little advice is welcome.
> > > >
> > > > Yours,
> > > > Dacian
> > > >
> >
> > ==================================================================
> > =========
> > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> > JSP-INTEREST".
> > Some relevant FAQs on JSP/Servlets can be found at:
> >
> > http://java.sun.com/products/jsp/faq.html
> > http://www.esperanto.org.nz/jsp/jspfaq.html
> > http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> > http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
> >
>
> ===========================================================================
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
