HttpSessions and URL rewriting

This servlet demonstrates how WebLogic deals with session-related information when cookies are unavailable or disabled in your client's browser. This is commonly referred to as "URL rewriting," because instead of tracking the session ID in a cookie, WebLogic appends the session ID at the end of the URL. NOTE

To use this servlet to show how WebLogic rewrites URLs, you'll need to set up both WebLogic and your browser.

Check WebLogic properties

Make sure that these properties are set as shown in your weblogic.properties file, and then restart the WebLogic Server:

weblogic.httpd.session.enable=true (Current setting: <%= getProp("weblogic.httpd.session.enable") %>)
weblogic.httpd.session.URLRewriting.enable=true (Current setting: <%= getProp("weblogic.httpd.session.URLRewriting.enable") %>)
weblogic.httpd.session.cookies.enable=true (Current setting: <%= getProp("weblogic.httpd.session.cookies.enable") %>)

Set up your browser

You must also disable cookies in your browser:

In Netscape
Select Preferences from the Edit menu.
On the Advanced tab panel, select the radio button beside "Disable Cookies".

In Internet Explorer
Select Internet Options from the View menu.
On the Advanced tab panel, scroll down to "Security".
Find the entry for "Cookies" and select the radio button beside "Disable all cookie use".

Set some session info

To see how it works, try setting some session name/value pairs with cookies disabled. Session data will still be stored on the server but the session ID will be passed to the server by rewritten as arguments appended to the URL.

Note: You'll also need to encode the FORM ACTION URL.

<%@ page import=" weblogic.common.T3Services " %> <%! HttpSession session; %> <% session = request.getSession(true); if (session == null) { out.print("\nSession is null!

"); } if(session != null){ String url = "http://" + request.getRemoteAddr() + ":" + request.getServerPort() + request.getRequestURI(); out.print("The normal non-encoded URL is:
" + url +"

"); url = response.encodeURL(url); out.print("The encoded URL is :
" + url + "

"); } if (request.getParameter("AddValue") != null) { session.putValue("SessionServlet." + request.getParameter("NameField"), request.getParameter("ValueField")); } else if (request.getParameter("DeleteValue") != null) { session.removeValue("SessionServlet." + request.getParameter("NameField")); } %>

<% String[] sessionNames = session.getValueNames(); if (sessionNames != null) { for (int index = 0; index < sessionNames.length; index++) { %> <% } } %> <%! public String getProp(String toGet){ try { return T3Services.getT3Services().config().getProperty(toGet); } catch(Exception e){ // Here, we access the javax.servlet.ServletContext object. Note that the // 'application' implicit object is not available here because we are not // in a scriplet or an expression. getServletConfig(). getServletContext().log("T3Exception thrown getting property.",e); } return ""; } %>
Session : <%= session.getId() %>
Name Value
<%= sessionNames[index] %> <%= session.getValue(sessionNames[index]) %>

Name to add/delete Value
For the very first request to a servlet that involves a brand new HttpSession, the call to response.encodeURL(url) will always return an encoded URL. This is because on the first request there is no Session ID to be found in either the Cookie or the URL. There is no way to know if the browser has cookies turned off. The course of action is:
  1. Set a cookie.
  2. Encode URL with SessionCookie.

If a cookie doesn't come back because cookies are disabled, then the URL will contine to be encoded with Session ID.

Copyright © 1999-2000 by BEA Systems, Inc. All Rights Reserved.