<!doctype html public "-//w3c/dtd HTML 4.0//en"> <html> <!-- Copyright (c) 1999 by BEA Systems, Inc. All Rights Reserved.--> <head> <title>URL Rewriting</title> </head> <body bgcolor="#FFFFFF"> <font face="Helvetica"> <h2> <font color=#DB1260> HttpSessions and URL rewriting </font> </h2> <p> This servlet demonstrates how WebLogic deals with session-related information when cookies are unavailable or disabled in your client's browser. This is commonly referred to as "URL rewriting," because instead of tracking the session ID in a cookie, WebLogic appends the session ID at the end of the URL. <a href=#NOTE><b>NOTE</b></a> <p> To use this servlet to show how WebLogic rewrites URLs, you'll need to set up both WebLogic and your browser. <h4> Check WebLogic properties </h4> <p> Make sure that these properties are set as shown in your <font face="Courier New" size=-1>weblogic.properties</font> file, and then restart the WebLogic Server: <table> <tr> <td> <font face="Courier New" size=-1>weblogic.httpd.session.enable=true</font> </td> <td><font face="Helvetica">(Current setting: <font face="Courier New" size=-1><b><%= getProp("weblogic.httpd.session.enable") %></b></font>) </td> </tr> <tr> <td> <font face="Courier New" size=-1>weblogic.httpd.session.URLRewriting.enable=true</font> </td> <td><font face="Helvetica">(Current setting: <font face="Courier New" size=-1><b><%= getProp("weblogic.httpd.session.URLRewriting.enable") %></b></font>) </td> </tr> <tr> <td> <font face="Courier New" size=-1>weblogic.httpd.session.cookies.enable=true</font> </td> <td><font face="Helvetica">(Current setting: <font face="Courier New" size=-1><b><%= getProp("weblogic.httpd.session.cookies.enable") %></b></font>) </td> </tr> </table> <h4> Set up your browser </h4> <p> You must also <b>disable cookies</b> in your browser: <dl> <dt> In Netscape <dd>Select Preferences from the Edit menu. <br> On the Advanced tab panel, select the radio button beside "Disable Cookies". <p> <dt>In Internet Explorer <dd>Select Internet Options from the View menu. <br> On the Advanced tab panel, scroll down to "Security". <br> Find the entry for "Cookies" and select the radio button beside "Disable all cookie use". </dl> <h4> Set some session info </h4> <p> To see how it works, try setting some session name/value pairs with cookies disabled. Session data will still be stored on the server but the session ID will be passed to the server by rewritten as arguments appended to the URL. <p> <b>Note:</b> You'll also need to encode the FORM ACTION URL. <p> <%@ page import=" weblogic.common.T3Services " %> <%! HttpSession session; %> <% session = request.getSession(true); if (session == null) { out.print("\nSession is null!<p>"); } if(session != null){ String url = "http://" + request.getRemoteAddr() + ":" + request.getServerPort() + request.getRequestURI(); out.print("The normal non-encoded URL is:<br><u>" + url +"</u><p>"); url = response.encodeURL(url); out.print("The encoded URL is :<br><a href=\"" + url + "\">" + url + "</a><p>"); } if (request.getParameter("AddValue") != null) { session.putValue("SessionServlet." + request.getParameter("NameField"), request.getParameter("ValueField")); } else if (request.getParameter("DeleteValue") != null) { session.removeValue("SessionServlet." + request.getParameter("NameField")); } %> <center> <table border=1 cellspacing=2 cellpadding=5 width=400 bgcolor=#EEEEEE> <th colspan=2><font face="Helvetica">Session : <%= session.getId() %></font><br> </th> <tr> <th><font face="Helvetica"><B>Name</B></th> <th><font face="Helvetica"><B>Value</B></th> </tr> <% String[] sessionNames = session.getValueNames(); if (sessionNames != null) { for (int index = 0; index < sessionNames.length; index++) { %> <tr> <td><font face="Helvetica"><%= sessionNames[index] %></td> <td><font face="Helvetica"><%= session.getValue(sessionNames[index]) %></td> </tr> <% } } %> <%! public String getProp(String toGet){ try { return T3Services.getT3Services().config().getProperty(toGet); } catch(Exception e){ // Here, we access the javax.servlet.ServletContext object. Note that the // 'application' implicit object is not available here because we are not // in a scriplet or an expression. getServletConfig(). getServletContext().log("T3Exception thrown getting property.",e); } return ""; } %> </table> </center> <p> <form method="post" name="URLEncode" action="<%= response.encodeURL(request.getRequestURI()) %>"> <center> <table border=1 cellspacing=2 cellpadding=5 width=400> <th><font face="Helvetica">Name to add/delete</th> <th><font face="Helvetica">Value</th> <tr> <td align=right><font face="Helvetica"><input type="text" name="NameField"></td> <td align=left><font face="Helvetica"><input type="text" name="ValueField"></td> </tr> <tr> <td colspan=2 align=center><input type="submit" value=" Add " name="AddValue"><input type="submit" value="Delete" name="DeleteValue"></td> </tr> </table> </center> </form> <servlet code="test.servlet.StringServlet"> </servlet> <a name="NOTE"></a> For the very first request to a servlet that involves a brand new HttpSession, the call to <font face="Courier New" size=-1>response.encodeURL(url)</font> will always return an encoded URL. This is because on the first request there is no Session ID to be found in either the Cookie or the URL. There is no way to know if the browser has cookies turned off. The course of action is: <ol> <li>Set a cookie. <li>Encode URL with SessionCookie. </ol> <p> If a cookie doesn't come back because cookies are disabled, then the URL will contine to be encoded with Session ID. <p> <font size=-1>Copyright © 1999 by BEA Systems, Inc. All Rights Reserved. </font> </body> </html>