Yep I tried that, but when I converted a working stripping servletfilter to a requestfiler, I have to deal with tapestry's request and response in addition to sevlet.HttpServletRequest and servlet.httpServletRepsonse.
Although I override both (Response and HttpServletResponse, since I guess some code uses Response while some use HttpServletResponse) still no luck. My code (almost an exact copy of the servlet filter I had ealier, but with overwriting the Tapestry-reponse as well) is: public boolean service(Request request, Response response, RequestHandler handler) throws IOException { if (request.isRequestedSessionIdValid() && _globals.getHTTPServletRequest().getCookies()==null) { Session session = request.getSession(false); if (session != null) session.invalidate(); // wrap response to remove URL encoding HttpServletResponse httpResponse = _globals.getHTTPServletResponse(); HttpServletResponseWrapper wrappedResponse = new HttpServletResponseWrapper(httpResponse) { @Override public String encodeRedirectUrl(String url) { return url; } @Override public String encodeRedirectURL(String url) { return url; } @Override public String encodeUrl(String url) { return url; } @Override public String encodeURL(String url) { return url; } }; response = new ResponseImpl(wrappedResponse); _globals.storeServletRequestResponse(_globals.getHTTPServletRequest(), wrappedResponse); _globals.storeRequestResponse(request, response); } return handler.service(request, response); } But still JSessionId in the results. (although actionlinks take a cycle more to pick up the JSessionID than without the filter) Anyone? Robert Zeigler wrote: > > Just turn your ServletFilter into a RequestFilter. > You can use ApplicationStateManager in RequestFilters now. > (See, for example: > http://code.google.com/p/tapestry5-cayenne/source/browse/trunk/tapestry5-cayenne-server/src/main/java/com/googlecode/tapestry5cayenne/services/CayenneRequestFilter.java) > > Robert > > On Jul 10, 2008, at 7/1012:30 PM , Britske wrote: > >> >> yeah I realize that JSessionId is there for the session, but I want >> to build >> functionality into a dispatcher that strips this jsessionid from the >> request >> if a user is not logged in (logged in in my app means that a User- >> instance >> exists in the ASM) and if the user has cookies disabled. >> >> The rationale is >> that I don't want search-engines to see the JSessionid, but I want >> to enable >> users without cookies to login and track their settings using >> JSessionID in >> the url. >> Since search-engines don't login these 2 groups are nice mutually >> exclusive >> and so it's a clean cut when to strip the JSessionid and when not. >> >> Except that I'm still not sure how to do it. >> Wrapping the request and response in a handler (before Tapestry >> comes in >> action) and stripping it like that works, but doing it almost >> exactly the >> same in a dispather doesn't . >> >> That's why I think it has to do with some internal tapestry >> processing. >> Do you have an idea where to look? >> >> >> Howard Lewis Ship wrote: >>> >>> All the jsessionid functionality is provided by the servlet >>> container, >>> not by Tapestry. And it does exactly what you are suggesting ... >>> except that its not about the user being logged in, its about the >>> user >>> have a session. >>> >>> On Thu, Jul 10, 2008 at 8:52 AM, Britske <[EMAIL PROTECTED]> wrote: >>>> >>>> partially related to a post I send a couple of days ago, but >>>> perhaps this >>>> explains better what I'm trying to do. >>>> >>>> I'm trying to strip the jSessionId from displaying in the url if: >>>> 1. user doesn't have cookies (otherwise it won't display anyway) >>>> 2. user is not logged in. >>>> >>>> I wanted to implement this as a filter, but I have to go with a >>>> dispather >>>> since to see if a user is logged in I need to have access to the >>>> ASM, >>>> which >>>> I can't get to in a filter. >>>> >>>> >>>> Now somewhere in between all the HttpSevletRequest to >>>> tapestry.request >>>> comversion, etc. tapestry decides to take over the JSessionId >>>> provided by >>>> the HttpServletRequest. I want to intercept this call somehow and >>>> strip >>>> the >>>> JSessionId from the request. >>>> >>>> I implemented a Dispatcher (the last in the line before onActivate >>>> is >>>> called) and basically wrapped (subclassed) HttpServletRequest and >>>> HttpServletResponse to return null for the sessionid and have >>>> redirecturl >>>> return url. My own HttpServlet get's called in the app (and >>>> returns null >>>> for >>>> getrequestedSessionId()) This request is added as a constructor >>>> param to >>>> a >>>> newly created tapestry.requestImpl which are both saved to >>>> RequestGlobals. I >>>> though that should do the trick >>>> >>>> not... >>>> Apperantly somehow the jsessionid is picked up anyway although (when >>>> expecting >>>> requestglobals.getHttpServletRequest.getRequstedSessionId() in >>>> page.onactivate() this correctly returns null). >>>> >>>> Anyone? >>>> Thanks. >>>> >>>> my code: >>>> //SessionStripController >>>> public final class SessionStripController implements Dispatcher { >>>> private ApplicationStateManager asm; >>>> private RequestGlobals globals; >>>> >>>> public SessionStripController(ApplicationStateManager >>>> asm,RequestGlobals >>>> globals){ >>>> this.asm = asm; >>>> this.globals = globals; >>>> } >>>> >>>> public boolean dispatch(Request req, Response response) throws >>>> IOException >>>> { >>>> if (req.isRequestedSessionIdValid() && >>>> globals.getHTTPServletRequest().getCookies()==null) >>>> { >>>> Session session = req.getSession(false); >>>> if (session != null) session.invalidate(); >>>> >>>> HttpServletRequestWrapper wrappednRequest = >>>> new >>>> HttpServletRequestWrapperOwn(globals.getHTTPServletRequest()); >>>> >>>> HttpServletResponseWrapper >>>> wrappedResponse = >>>> new >>>> HttpServletResponseWrapper(globals.getHTTPServletResponse()) >>>> { >>>> public String encodeRedirectUrl(String >>>> url) { return url; } >>>> public String encodeRedirectURL(String >>>> url) { return url; } >>>> public String encodeUrl(String url) { >>>> return url; } >>>> public String encodeURL(String url) { >>>> return url; } >>>> }; >>>> >>>> globals.storeServletRequestResponse(wrappednRequest, >>>> wrappedResponse); >>>> globals.storeRequestResponse(new >>>> RequestImpl(wrappednRequest), new >>>> ResponseImpl(wrappedResponse)); >>>> } >>>> return false; >>>> } >>>> } >>>> >>>> >>>> //HttpServletRequestWrapperOwn >>>> public class HttpServletRequestWrapperOwn extends >>>> HttpServletRequestWrapper >>>> { >>>> >>>> public HttpServletRequestWrapperOwn(HttpServletRequest >>>> request) { >>>> super(request); >>>> } >>>> >>>> public String getRequestedSessionId(){ >>>> return null; >>>> } >>>> >>>> } >>>> >>>> >>>> >>>> -- >>>> View this message in context: >>>> http://www.nabble.com/T5%3A-what-part-of-tapestry-adds-Jsessionid-tp18385573p18385573.html >>>> Sent from the Tapestry - User mailing list archive at Nabble.com. >>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>>> For additional commands, e-mail: [EMAIL PROTECTED] >>>> >>>> >>> >>> >>> >>> -- >>> Howard M. Lewis Ship >>> >>> Creator Apache Tapestry and Apache HiveMind >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> >>> >> >> -- >> View this message in context: >> http://www.nabble.com/T5%3A-what-part-of-tapestry-adds-Jsessionid-tp18385573p18387981.html >> Sent from the Tapestry - User mailing list archive at Nabble.com. >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/T5%3A-what-part-of-tapestry-adds-Jsessionid-tp18385573p18400033.html Sent from the Tapestry - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]