Hello,

It seems that the Parameter-Name in the GET request that represents the SessionID (like jsessionid=XXXXXXXXXXXXXXXXXXXXXXXXXX in Tomcat) is not standardized in the servlet spec? How can I get the (Servlet Container Specific) name of the SessionID? (At least in WebSphere there seems to be the possibility to change the name of the SessionID-Parameter-Name.)

=> The underlying problem is, I need to encode a URL in a servlet ALWAYS with the session ID. But it seems that the "response.encodeURL()" method only does this if cookies are disabled (=> therefore using URL rewriting with the sessionID in the URL).

What would be an alternative to always encode a URL with a session ID in a servlet? As the first question implies, I wanted to build the sessionid on my own, but I therefore need the sessionID-Parameter-Name, which however seems not to be standardized, so I somehow need to get the Parameter-Name from somewhere...

UPDATE: The intention is to keep the SessionManagement Functionality provided by the Servlet-Container and not turn it off completely. I need to pass a Callback URL to a third party system that I want to always contain the SessionURL. So I only want to encode this single URL always with the sessionID to minimize any security issues...

Thank you very much Jan

+2  A: 

The jsessionid isn't actually a request parameter, it's encoded on to the URL itself, and then decoded and removed by the container before it gets as far as your controller. The value of jsessionid itself can be retrieved from HttpSession.getId().

If you want to stop Tomcat from using cookies, then you can provide a tomcat-specific context.xml file under WEB-INF, containing something like this:

<Context cookies="false" path="/path/to/my/webapp">
</Context>

This will disable all cookies for that webapp, and tomcat should then automatically encode all session IDs on to the URL instead.

skaffman
+1 for the hint to anyway disable cookies from the server side on.
BalusC
Hello skaffman, thanks for your answer. Your answer provides some interesting information I did not know but doesn't solve the problem. I want to keep the Session-Management as provided by the Servlet-Container but however "force" the container to encode a specific URL I will pass to a third-party system. For "security reasons" I want to make sure the callback URL does not rely on cookies but rather always contains the sessionID that I have set in the Callback URL. As described above, I therefore need to find a way to always encode my URL with the session ID. thanks jan.
jan
The Servlet API provides no way to force the container to do this. You'll have to live with a proprietary mechanism for each container.
skaffman
Hello skaffman, thanks, it seems it's not really possible what I am trying to do...
jan
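
An added example, not part of the original thread: a small Java helper that writes a session ID into a single URL as a path parameter, which is the form the answer describes (encoded onto the URL itself, ahead of the query string). The class and method names are hypothetical, the parameter name "jsessionid" is the Tomcat name quoted in the question and is container-specific, and the host and ID in `main` are constructed samples; in a servlet the ID would come from HttpSession.getId().

```java
import java.util.regex.Pattern;

public final class SessionUrl {

    // Assumption: the Tomcat name quoted in the question. Other containers,
    // or a reconfigured one, may use a different name.
    static final String DEFAULT_PARAM = "jsessionid";

    /**
     * Returns url with ";param=sessionId" appended to the path, before any
     * query string or fragment. An existing path parameter of the same name
     * is removed first, so the result never carries two session IDs.
     */
    static String withSessionId(String url, String param, String sessionId) {
        // Refuse IDs containing URL delimiters, '%' or whitespace: they would
        // change the structure of the URL that is handed to the third party.
        if (sessionId == null || !sessionId.matches("[^;/?#%\\s]+")) {
            throw new IllegalArgumentException("unexpected characters in session ID");
        }
        // The path ends at the first '?' or '#', whichever comes first.
        int cut = url.length();
        int q = url.indexOf('?');
        int f = url.indexOf('#');
        if (q >= 0) cut = q;
        if (f >= 0 && f < cut) cut = f;
        String head = url.substring(0, cut);
        String tail = url.substring(cut);
        // Drop a stale ";param=..." already present in the path.
        head = head.replaceAll(";" + Pattern.quote(param) + "=[^;/]*", "");
        return head + ";" + param + "=" + sessionId + tail;
    }

    public static void main(String[] args) {
        String id = "0123456789ABCDEF0123456789ABCDEF"; // constructed sample ID
        // Query string and fragment stay behind the path parameter.
        System.out.println(withSessionId(
                "https://app.example/shop/callback?order=42#done", DEFAULT_PARAM, id));
        // An ID already in the path is replaced, not duplicated.
        System.out.println(withSessionId(
                "https://app.example/shop/callback;jsessionid=OLD?order=42", DEFAULT_PARAM, id));
    }
}
```

A URL built this way carries the session credential itself, so it will appear wherever the receiving system logs or stores the callback address.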