Re: Prevent session id from appearing in URL while being indexed by google

2014-06-04 Thread George Christman
Thanks Thiago, looks as if I had SessionState being used in the layout.


On Wed, Jun 4, 2014 at 11:46 AM, Thiago H de Paula Figueiredo <
thiag...@gmail.com> wrote:

> On Wed, 04 Jun 2014 12:11:00 -0300, George Christman <
> gchrist...@cardaddy.com> wrote:
>
>  Hi Thiago, I just disabled cookies within my browser and I'm finding
>> every link is being generated with a session id despite not needing to be
>> logged in. What would cause this?
>>
>
> Any page with @Persist or @SessionState being visited can cause a session
> to be created. Or code that calls the setXX() methods of
> ApplicationStateManager. You don't need to be logged in to have an
> HttpSession created.
>
> The session id generation is done by the servlet container, not Tapestry.
> On the other hand, you can use the LinkRewriter API to change the URLs
> Tapestry generates.
>
>
> --
> Thiago H. de Paula Figueiredo
> Tapestry, Java and Hibernate consultant and developer
> http://machina.com.br
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>


-- 
George Christman
www.CarDaddy.com
P.O. Box 735
Johnstown, New York


Re: Prevent session id from appearing in URL while being indexed by google

2014-06-04 Thread Thiago H de Paula Figueiredo
On Wed, 04 Jun 2014 12:11:00 -0300, George Christman  
 wrote:


Hi Thiago, I just disabled cookies within my browser and I'm finding
every link is being generated with a session id despite not needing to  
be logged in. What would cause this?


Any page with @Persist or @SessionState being visited can cause a session  
to be created. Or code that calls the setXX() methods of  
ApplicationStateManager. You don't need to be logged in to have an  
HttpSession created.


The session id generation is done by the servlet container, not Tapestry.  
On the other hand, you can use the LinkRewriter API to change the URLs
Tapestry generates.


--
Thiago H. de Paula Figueiredo
Tapestry, Java and Hibernate consultant and developer
http://machina.com.br




Re: Prevent session id from appearing in URL while being indexed by google

2014-06-04 Thread Dmitry Gusev
George,

you can try debugging this by implementing
http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpSessionListener.html

Put a breakpoint in sessionCreated and inspect the stack trace.
Maybe this will help.


On Wed, Jun 4, 2014 at 7:11 PM, George Christman 
wrote:

> Hi Thiago, I just disabled cookies within my browser and I'm finding every
> link is being generated with a session id despite not needing to be logged
> in. What would cause this? I'm not sure if this would affect things, but
> I'm using remember me with tapestry-security, however I'm not logged in to
> my account while it's still generating session id's. Any thoughts?
>
>
> On Wed, Jun 4, 2014 at 10:46 AM, Thiago H de Paula Figueiredo <
> thiag...@gmail.com> wrote:
>
> > On Wed, 04 Jun 2014 10:16:24 -0300, Dmitry Gusev  >
> > wrote:
> >
> >  I don't think requiring cookies is a bad idea.
> >> I think every normal user would have cookies enabled.
> >>
> >
> > Some proxies mess up with cookies, causing them to not work. At my work
> > I've got lots of client complaints because of that.
> >
> > I think the most important issue here is why the session is being created
> > at first. It's even a performance issue.
> >
> > --
> > Thiago H. de Paula Figueiredo
> > Tapestry, Java and Hibernate consultant and developer
> > http://machina.com.br
> >
> >
> >
>
>
> --
> George Christman
> www.CarDaddy.com
> P.O. Box 735
> Johnstown, New York
>



-- 
Dmitry Gusev

AnjLab Team
http://anjlab.com
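
An added example, not part of the original thread: one way to apply the HttpSessionListener suggestion above without a debugger attached, by logging the call path each time a session is created. The class name and the list of skipped package prefixes are assumptions; it targets the javax.servlet (Servlet 3.0) API used by Tomcat 7.

```java
import java.util.logging.Logger;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

// Hypothetical class name. Registered through @WebListener (Servlet 3.0);
// a <listener> entry in web.xml works as well.
@WebListener
public class SessionCreationTracer implements HttpSessionListener {

    private static final Logger LOG =
            Logger.getLogger(SessionCreationTracer.class.getName());

    // Assumption: JDK and Tomcat plumbing frames are noise for this question.
    // Framework and application frames stay, so a session created on behalf
    // of @Persist or @SessionState remains visible in the output.
    private static final String[] SKIPPED_PREFIXES = {
        "java.", "javax.", "sun.",
        "org.apache.catalina.", "org.apache.coyote.", "org.apache.tomcat."
    };

    @Override
    public void sessionCreated(HttpSessionEvent event) {
        // The container calls this on the request thread, so the current
        // stack contains the code that asked for the session.
        StringBuilder trace = new StringBuilder();
        for (StackTraceElement frame : new Throwable().getStackTrace()) {
            if (!isSkipped(frame.getClassName())) {
                trace.append("\n    at ").append(frame);
            }
        }
        LOG.warning("HttpSession created (id "
                + maskId(event.getSession().getId()) + "), called from:" + trace);
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
        // Nothing to do: only creation is of interest here.
    }

    static boolean isSkipped(String className) {
        for (String prefix : SKIPPED_PREFIXES) {
            if (className.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    // The session id is a credential: log only a short prefix for correlation.
    static String maskId(String id) {
        return id.length() <= 6 ? "******" : id.substring(0, 6) + "...";
    }
}
```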


Re: Prevent session id from appearing in URL while being indexed by google

2014-06-04 Thread George Christman
Hi Thiago, I just disabled cookies within my browser and I'm finding every
link is being generated with a session id despite not needing to be logged
in. What would cause this? I'm not sure if this would affect things, but
I'm using remember me with tapestry-security, however I'm not logged in to
my account while it's still generating session id's. Any thoughts?


On Wed, Jun 4, 2014 at 10:46 AM, Thiago H de Paula Figueiredo <
thiag...@gmail.com> wrote:

> On Wed, 04 Jun 2014 10:16:24 -0300, Dmitry Gusev 
> wrote:
>
>  I don't think requiring cookies is a bad idea.
>> I think every normal user would have cookies enabled.
>>
>
> Some proxies mess up with cookies, causing them to not work. At my work
> I've got lots of client complaints because of that.
>
> I think the most important issue here is why the session is being created
> at first. It's even a performance issue.
>
> --
> Thiago H. de Paula Figueiredo
> Tapestry, Java and Hibernate consultant and developer
> http://machina.com.br
>
>
>


-- 
George Christman
www.CarDaddy.com
P.O. Box 735
Johnstown, New York


Re: Prevent session id from appearing in URL while being indexed by google

2014-06-04 Thread Thiago H de Paula Figueiredo
On Wed, 04 Jun 2014 10:16:24 -0300, Dmitry Gusev   
wrote:



I don't think requiring cookies is a bad idea.
I think every normal user would have cookies enabled.


Some proxies mess up with cookies, causing them to not work. At my work  
I've got lots of client complaints because of that.


I think the most important issue here is why the session is being created  
at first. It's even a performance issue.


--
Thiago H. de Paula Figueiredo
Tapestry, Java and Hibernate consultant and developer
http://machina.com.br




Re: Prevent session id from appearing in URL while being indexed by google

2014-06-04 Thread George Christman
Thanks Dmitry. I'll move forward with that solution.


On Wed, Jun 4, 2014 at 9:16 AM, Dmitry Gusev  wrote:

> I don't think requiring cookies is a bad idea.
> I think every normal user would have cookies enabled.
>
>
> On Wed, Jun 4, 2014 at 4:59 PM, George Christman 
> wrote:
>
> > I'm already using tomcat7. Do you think requiring all users to have
> cookies
> > enabled is a bad idea?
> >
> >
> > On Wed, Jun 4, 2014 at 8:32 AM, Dmitry Gusev 
> > wrote:
> >
> > > I don't think you should migrate your app server to do this, your
> current
> > > server probably supports this feature too!
> > > What is it btw?
> > >
> > > There will be side-effects: users without cookies won't be able to use
> > > sessions in your app.
> > >
> > >
> > > On Wed, Jun 4, 2014 at 4:28 PM, George Christman <
> > gchrist...@cardaddy.com>
> > > wrote:
> > >
> > > > Thanks Dmitry, so if I understand this correctly, I should be able to
> > > just
> > > > do the following and it should address the issue without side
> effects?
> > > >
> > > > 3. Switch to Tomcat 7 !
> > > >
> > > > The Servlet 3.0 standard gives you two ways to disable URL session
> > > > rewriting. This works in Tomcat 7, Glassfish v3, and any other
> Servlet
> > > > 3.0-compliant servlet container. First, you can add this to your
> > web.xml
> > > > webapp config:
> > > >
> > > > 
> > > >  COOKIE
> > > > 
> > > >
> > > >
> > > > On Wed, Jun 4, 2014 at 6:58 AM, Dmitry Gusev  >
> > > > wrote:
> > > >
> > > > > Hi George,
> > > > >
> > > > > The ID appears in URLs if your app creates session for current
> user &
> > > > this
> > > > > user has cookies disabled.
> > > > >
> > > > > You can either not create a session for guests, or disable session
> ID
> > > in
> > > > > URLs in servlet container level,
> > > > > here's an example for tomcat:
> > > > > https://fralef.me/tomcat-disable-jsessionid-in-url.html
> > > > >
> > > > >
> > > > >
> > > > > On Wed, Jun 4, 2014 at 10:48 AM, George Christman <
> > > > gchrist...@cardaddy.com
> > > > > >
> > > > > wrote:
> > > > >
> > > > > > Hi guys, I'm noticing Google is indexing a lot of pages with the
> > > > session
> > > > > id
> > > > > > appended to the URL, how do I prevent this? Please see link below
> > for
> > > > > > example.
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> https://www.google.com/search?q=site:cardaddy.com&client=firefox-a&hs=qLR&rls=org.mozilla:en-US:official&channel=sb&ei=d8COU_CRDJSmsQT_lIDoDQ&start=80&sa=N&biw=1280&bih=1199
> > > > > >
> > > > > > --
> > > > > > George Christman
> > > > > > www.CarDaddy.com
> > > > > > P.O. Box 735
> > > > > > Johnstown, New York
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Dmitry Gusev
> > > > >
> > > > > AnjLab Team
> > > > > http://anjlab.com
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > George Christman
> > > > www.CarDaddy.com
> > > > P.O. Box 735
> > > > Johnstown, New York
> > > >
> > >
> > >
> > >
> > > --
> > > Dmitry Gusev
> > >
> > > AnjLab Team
> > > http://anjlab.com
> > >
> >
> >
> >
> > --
> > George Christman
> > www.CarDaddy.com
> > P.O. Box 735
> > Johnstown, New York
> >
>
>
>
> --
> Dmitry Gusev
>
> AnjLab Team
> http://anjlab.com
>



-- 
George Christman
www.CarDaddy.com
P.O. Box 735
Johnstown, New York


Re: Prevent session id from appearing in URL while being indexed by google

2014-06-04 Thread Dmitry Gusev
I don't think requiring cookies is a bad idea.
I think every normal user would have cookies enabled.


On Wed, Jun 4, 2014 at 4:59 PM, George Christman 
wrote:

> I'm already using tomcat7. Do you think requiring all users to have cookies
> enabled is a bad idea?
>
>
> On Wed, Jun 4, 2014 at 8:32 AM, Dmitry Gusev 
> wrote:
>
> > I don't think you should migrate your app server to do this, your current
> > server probably supports this feature too!
> > What is it btw?
> >
> > There will be side-effects: users without cookies won't be able to use
> > sessions in your app.
> >
> >
> > On Wed, Jun 4, 2014 at 4:28 PM, George Christman <
> gchrist...@cardaddy.com>
> > wrote:
> >
> > > Thanks Dmitry, so if I understand this correctly, I should be able to
> > just
> > > do the following and it should address the issue without side effects?
> > >
> > > 3. Switch to Tomcat 7 !
> > >
> > > The Servlet 3.0 standard gives you two ways to disable URL session
> > > rewriting. This works in Tomcat 7, Glassfish v3, and any other Servlet
> > > 3.0-compliant servlet container. First, you can add this to your
> web.xml
> > > webapp config:
> > >
> > > 
> > >  COOKIE
> > > 
> > >
> > >
> > > On Wed, Jun 4, 2014 at 6:58 AM, Dmitry Gusev 
> > > wrote:
> > >
> > > > Hi George,
> > > >
> > > > The ID appears in URLs if your app creates session for current user &
> > > this
> > > > user has cookies disabled.
> > > >
> > > > You can either not create a session for guests, or disable session ID
> > in
> > > > URLs in servlet container level,
> > > > here's an example for tomcat:
> > > > https://fralef.me/tomcat-disable-jsessionid-in-url.html
> > > >
> > > >
> > > >
> > > > On Wed, Jun 4, 2014 at 10:48 AM, George Christman <
> > > gchrist...@cardaddy.com
> > > > >
> > > > wrote:
> > > >
> > > > > Hi guys, I'm noticing Google is indexing a lot of pages with the
> > > session
> > > > id
> > > > > appended to the URL, how do I prevent this? Please see link below
> for
> > > > > example.
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> https://www.google.com/search?q=site:cardaddy.com&client=firefox-a&hs=qLR&rls=org.mozilla:en-US:official&channel=sb&ei=d8COU_CRDJSmsQT_lIDoDQ&start=80&sa=N&biw=1280&bih=1199
> > > > >
> > > > > --
> > > > > George Christman
> > > > > www.CarDaddy.com
> > > > > P.O. Box 735
> > > > > Johnstown, New York
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Dmitry Gusev
> > > >
> > > > AnjLab Team
> > > > http://anjlab.com
> > > >
> > >
> > >
> > >
> > > --
> > > George Christman
> > > www.CarDaddy.com
> > > P.O. Box 735
> > > Johnstown, New York
> > >
> >
> >
> >
> > --
> > Dmitry Gusev
> >
> > AnjLab Team
> > http://anjlab.com
> >
>
>
>
> --
> George Christman
> www.CarDaddy.com
> P.O. Box 735
> Johnstown, New York
>



-- 
Dmitry Gusev

AnjLab Team
http://anjlab.com


Re: Prevent session id from appearing in URL while being indexed by google

2014-06-04 Thread George Christman
I'm already using tomcat7. Do you think requiring all users to have cookies
enabled is a bad idea?


On Wed, Jun 4, 2014 at 8:32 AM, Dmitry Gusev  wrote:

> I don't think you should migrate your app server to do this, your current
> server probably supports this feature too!
> What is it btw?
>
> There will be side-effects: users without cookies won't be able to use
> sessions in your app.
>
>
> On Wed, Jun 4, 2014 at 4:28 PM, George Christman 
> wrote:
>
> > Thanks Dmitry, so if I understand this correctly, I should be able to
> just
> > do the following and it should address the issue without side effects?
> >
> > 3. Switch to Tomcat 7 !
> >
> > The Servlet 3.0 standard gives you two ways to disable URL session
> > rewriting. This works in Tomcat 7, Glassfish v3, and any other Servlet
> > 3.0-compliant servlet container. First, you can add this to your web.xml
> > webapp config:
> >
> > 
> >  COOKIE
> > 
> >
> >
> > On Wed, Jun 4, 2014 at 6:58 AM, Dmitry Gusev 
> > wrote:
> >
> > > Hi George,
> > >
> > > The ID appears in URLs if your app creates session for current user &
> > this
> > > user has cookies disabled.
> > >
> > > You can either not create a session for guests, or disable session ID
> in
> > > URLs in servlet container level,
> > > here's an example for tomcat:
> > > https://fralef.me/tomcat-disable-jsessionid-in-url.html
> > >
> > >
> > >
> > > On Wed, Jun 4, 2014 at 10:48 AM, George Christman <
> > gchrist...@cardaddy.com
> > > >
> > > wrote:
> > >
> > > > Hi guys, I'm noticing Google is indexing a lot of pages with the
> > session
> > > id
> > > > appended to the URL, how do I prevent this? Please see link below for
> > > > example.
> > > >
> > > >
> > > >
> > >
> >
> https://www.google.com/search?q=site:cardaddy.com&client=firefox-a&hs=qLR&rls=org.mozilla:en-US:official&channel=sb&ei=d8COU_CRDJSmsQT_lIDoDQ&start=80&sa=N&biw=1280&bih=1199
> > > >
> > > > --
> > > > George Christman
> > > > www.CarDaddy.com
> > > > P.O. Box 735
> > > > Johnstown, New York
> > > >
> > >
> > >
> > >
> > > --
> > > Dmitry Gusev
> > >
> > > AnjLab Team
> > > http://anjlab.com
> > >
> >
> >
> >
> > --
> > George Christman
> > www.CarDaddy.com
> > P.O. Box 735
> > Johnstown, New York
> >
>
>
>
> --
> Dmitry Gusev
>
> AnjLab Team
> http://anjlab.com
>



-- 
George Christman
www.CarDaddy.com
P.O. Box 735
Johnstown, New York


Re: Prevent session id from appearing in URL while being indexed by google

2014-06-04 Thread Dmitry Gusev
I don't think you should migrate your app server to do this, your current
server probably supports this feature too!
What is it btw?

There will be side-effects: users without cookies won't be able to use
sessions in your app.


On Wed, Jun 4, 2014 at 4:28 PM, George Christman 
wrote:

> Thanks Dmitry, so if I understand this correctly, I should be able to just
> do the following and it should address the issue without side effects?
>
> 3. Switch to Tomcat 7 !
>
> The Servlet 3.0 standard gives you two ways to disable URL session
> rewriting. This works in Tomcat 7, Glassfish v3, and any other Servlet
> 3.0-compliant servlet container. First, you can add this to your web.xml
> webapp config:
>
> 
>  COOKIE
> 
>
>
> On Wed, Jun 4, 2014 at 6:58 AM, Dmitry Gusev 
> wrote:
>
> > Hi George,
> >
> > The ID appears in URLs if your app creates session for current user &
> this
> > user has cookies disabled.
> >
> > You can either not create a session for guests, or disable session ID in
> > URLs in servlet container level,
> > here's an example for tomcat:
> > https://fralef.me/tomcat-disable-jsessionid-in-url.html
> >
> >
> >
> > On Wed, Jun 4, 2014 at 10:48 AM, George Christman <
> gchrist...@cardaddy.com
> > >
> > wrote:
> >
> > > Hi guys, I'm noticing Google is indexing a lot of pages with the
> session
> > id
> > > appended to the URL, how do I prevent this? Please see link below for
> > > example.
> > >
> > >
> > >
> >
> https://www.google.com/search?q=site:cardaddy.com&client=firefox-a&hs=qLR&rls=org.mozilla:en-US:official&channel=sb&ei=d8COU_CRDJSmsQT_lIDoDQ&start=80&sa=N&biw=1280&bih=1199
> > >
> > > --
> > > George Christman
> > > www.CarDaddy.com
> > > P.O. Box 735
> > > Johnstown, New York
> > >
> >
> >
> >
> > --
> > Dmitry Gusev
> >
> > AnjLab Team
> > http://anjlab.com
> >
>
>
>
> --
> George Christman
> www.CarDaddy.com
> P.O. Box 735
> Johnstown, New York
>



-- 
Dmitry Gusev

AnjLab Team
http://anjlab.com


Re: Prevent session id from appearing in URL while being indexed by google

2014-06-04 Thread George Christman
Thanks Dmitry, so if I understand this correctly, I should be able to just
do the following and it should address the issue without side effects?

3. Switch to Tomcat 7 !

The Servlet 3.0 standard gives you two ways to disable URL session
rewriting. This works in Tomcat 7, Glassfish v3, and any other Servlet
3.0-compliant servlet container. First, you can add this to your web.xml
webapp config:

<session-config>
    <tracking-mode>COOKIE</tracking-mode>
</session-config>


On Wed, Jun 4, 2014 at 6:58 AM, Dmitry Gusev  wrote:

> Hi George,
>
> The ID appears in URLs if your app creates session for current user & this
> user has cookies disabled.
>
> You can either not create a session for guests, or disable session ID in
> URLs in servlet container level,
> here's an example for tomcat:
> https://fralef.me/tomcat-disable-jsessionid-in-url.html
>
>
>
> On Wed, Jun 4, 2014 at 10:48 AM, George Christman  >
> wrote:
>
> > Hi guys, I'm noticing Google is indexing a lot of pages with the session
> id
> > appended to the URL, how do I prevent this? Please see link below for
> > example.
> >
> >
> >
> https://www.google.com/search?q=site:cardaddy.com&client=firefox-a&hs=qLR&rls=org.mozilla:en-US:official&channel=sb&ei=d8COU_CRDJSmsQT_lIDoDQ&start=80&sa=N&biw=1280&bih=1199
> >
> > --
> > George Christman
> > www.CarDaddy.com
> > P.O. Box 735
> > Johnstown, New York
> >
>
>
>
> --
> Dmitry Gusev
>
> AnjLab Team
> http://anjlab.com
>



-- 
George Christman
www.CarDaddy.com
P.O. Box 735
Johnstown, New York


Re: Prevent session id from appearing in URL while being indexed by google

2014-06-04 Thread Dmitry Gusev
Hi George,

The ID appears in URLs if your app creates session for current user & this
user has cookies disabled.

You can either not create a session for guests, or disable session ID in
URLs in servlet container level,
here's an example for tomcat:
https://fralef.me/tomcat-disable-jsessionid-in-url.html



On Wed, Jun 4, 2014 at 10:48 AM, George Christman 
wrote:

> Hi guys, I'm noticing Google is indexing a lot of pages with the session id
> appended to the URL, how do I prevent this? Please see link below for
> example.
>
>
> https://www.google.com/search?q=site:cardaddy.com&client=firefox-a&hs=qLR&rls=org.mozilla:en-US:official&channel=sb&ei=d8COU_CRDJSmsQT_lIDoDQ&start=80&sa=N&biw=1280&bih=1199
>
> --
> George Christman
> www.CarDaddy.com
> P.O. Box 735
> Johnstown, New York
>



-- 
Dmitry Gusev

AnjLab Team
http://anjlab.com


Prevent session id from appearing in URL while being indexed by google

2014-06-03 Thread George Christman
Hi guys, I'm noticing Google is indexing a lot of pages with the session id
appended to the URL, how do I prevent this? Please see link below for
example.

https://www.google.com/search?q=site:cardaddy.com&client=firefox-a&hs=qLR&rls=org.mozilla:en-US:official&channel=sb&ei=d8COU_CRDJSmsQT_lIDoDQ&start=80&sa=N&biw=1280&bih=1199

-- 
George Christman
www.CarDaddy.com
P.O. Box 735
Johnstown, New York