perhaps I should have mentioned that the code for checking if the user-instance exists or not isn't here yet, but it isn't really relevant for the problem. Thanks.
Britske wrote: > > I want to strip JsessionId from the url (for browsers who dont support > cookies) for SEO purposes. > btw: perhaps a bit long-winded as to the why's, but it may help others. > > At first I implemented a servletfilter (from > http://randomcoder.com/articles/jsessionid-considered-harmful) > which basically consists of passing a subclassed httpServletResponse where > i've overwritten the encodeUrl() method to not to include the jsessionid. > This works well. > > However I do not want to strip the jsesisonid when the user has logged in. > The rationale here is that I really do need a session when a user is > logged in, and since a searchengine doesn't login (at least I don't > program for it) It can't harm to make this exception. > > The application recognizes that a user is logged in if a User-instance is > present in the ASM (ApplicationStateManager). > This means I have to let the notion of a requesthandler go, and go instead > with a tapestry dispatcher, since a servlet requesthandler has no way f > getting the ASM of the current user. (Is this correct?) > > Not much changed to the dispather (in relationship to the code in the > requestfilter before). The Dispatcher is also correctly registered in > AppModule etc. > > The problem is that although I see that jsessionid is stripped in the > custom encodeUrl-method, if appears afterwards in request (as noticed in > the address-bar). So my question is: What code inserts the > jsessionid-again, after the Response.encodeUrl()-method, and how can I > change it's behavior? > > the relevant code: > > //Appmodule > public static void bind(ServiceBinder binder) > { > binder.bind(AccessController.class).withId("AccessController"); > binder.bind(AutoLoginController.class).withId("AutoLoginController"); > > binder.bind(SessionStripController.class).withId("SessionStripController"); > } > > public void contributeMasterDispatcher(OrderedConfiguration<Dispatcher> > configuration, > @InjectService("AccessController") Dispatcher > accessController, > @InjectService("AutoLoginController") Dispatcher > autoLoginController, > @InjectService("SessionStripController") Dispatcher > sessionStripController) { > configuration.add("AccessController", accessController, > "before:PageRender"); > configuration.add("AutoLoginController", autoLoginController, > "before:AccessController"); > configuration.add("SessionStripController", > sessionStripController,"before:AutoLoginController"); > } > > //sessionstripcontroller > public final class SessionStripController implements Dispatcher { > > > private ApplicationStateManager asm; > private RequestGlobals globals; > > public SessionStripController(ApplicationStateManager asm,RequestGlobals > globals){ > this.asm = asm; > this.globals = globals; > } > > public boolean dispatch(Request req, Response response) throws > IOException { > // clear session if session id in URL > if (req.isRequestedSessionIdValid() && > globals.getHTTPServletRequest().getCookies()==null) > { > Session session = req.getSession(false); > if (session != null) session.invalidate(); > ServletResponseWrapper wrapResp = new > ServletResponseWrapper(globals.getHTTPServletResponse()); > globals.storeRequestResponse(req, wrapResp); > } > return false; > } > } > > //ServletResponseWrapper > public class ServletResponseWrapper extends ResponseImpl{ > public ServletResponseWrapper(HttpServletResponse response) { > super(response); > // TODO Auto-generated constructor stub > } > > @Override > public String encodeRedirectURL(String url) { > url = super.encodeRedirectURL(url); > return url; > } > > @Override > public String encodeURL(String url) { > url = super.encodeURL(url); > url = url.substring(0,url.indexOf(";")); > return url; > } > } > > btw: encodeRedirectURL and encodeURL can just return <url> straightaway, > but the above code enabled me to see that indeed this code stripped the > added jsessionid that super.encode*Url() added. So where is the other > method that's adding jsessionid? > > Cheers, > Britske > > -- View this message in context: http://www.nabble.com/stripping-jsessionid-in-custom-dispatcher-depending-on-ASM.-tp18351016p18351055.html Sent from the Tapestry - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
