Hostname in tomcat cookies - java

Our Tomcat creates session IDs with the following format:
jsessionid=a345465820fce654354646ae.(server-name);
Is it possible to configure it so that server-name is not part of session id?

I think you need to implement your own session manager to change the format of JSESSIONID. I am not sure what you want to achieve but this question might be of interest, you also have a link to the session manager HOW-TO at Tomcat.
How to generate custom JSESSIONID, based on some hash of user's data in order to replicate session
However, if you have an Apache server in front of your Tomcat it might be easier to create your own cookie and use that instead of JSESSIONID. You can do this by using the mod_header and there is an example of this in the mod_proxy_balancer documentation.
Hope it helps you forward.

Related

Hazelcast Session Replication With Spring Boot

Am following this documentation for Hazelcast based session replication in a Spring Boot APP.
http://docs.spring.io/spring-session/docs/current/reference/html5/guides/hazelcast-spring.html
The code works fine when a local Hazelcast node gets created from Spring Boot; however, what I need is Hazelcast client code to connect to a standalone cluster, do the replication and return the Session ID as a header in the "x-auth-header" field.
Client code is something like this
ClientConfig clientConfig = new ClientConfig();
clientConfig.getGroupConfig().setName("dev").setPassword("dev-pass");
clientConfig.getNetworkConfig().addAddress("x.x.x.x");
I am able to get it working with a web filter, but it stores the value as a cookie and what I need is the header strategy to work.
I couldn't find any documentation or help to achieve it using a Hazelcast client. Can someone please guide me on how to do it?
Thanks
Aravind
Do you have
@Bean
public HeaderHttpSessionStrategy sessionStrategy() {
    return new HeaderHttpSessionStrategy();
}
If everything else is working, this should be all you need
Thanks for the quick reply. It works when I create a springawarewebfilter and then define the cookie params.
In that case, when I add the header strategy it doesn't work and still resolves to cookies.
Maybe it was misleading, but it worked with springawarewebfilter, which I think is different, as the above specified link creates a different filter for handling the session.
The issue was related to the server nodes and firewall in between. Migrated to a separate set of nodes and everything started working.

JSESSION is being added automatically

In my websphere console session properties, the url rewrite is not enabled and I am 100% sure that I don't have any JSESSION suffix or anything on my jsp pages to generate and append the JSESSION. But the issue is on some specific pages, like everything whose URI is xxRead.do. The JSESSION is appended at the end of the URI automatically and I am not able to prevent it from happening.
Can anyone help me out here, thanks,
JSESSIONID is what is used to keep track of a user's HTTP session.
It's absolutely necessary for any web application that will maintain a user session.
As far as I know, URL rewriting will be used by any reasonable web server only as a fallback if cookies are disabled.
Please make sure that's not the case.

Does s:url (in Struts2) not do url-rewriting like c:url does in case cookies are disabled?

The Servlet API resorts to URL rewriting if cookies are disabled, and every URL that we provide in our JSPs must be inside c:url for this to be in effect. But in Struts 2 there is an equivalent tag, s:url, whose documentation says nothing about automatically adding url-rewriting information (if required) to the url. Is its behaviour similar in this regard to c:url, or do we have some other means to achieve the same effect in Struts 2?
I am using Struts 2.1 url tag reference from here
Clarification: In case the user disables cookies, the other option is to append the jsessionid to each url that is there on the page. c:url handles that for us. My question is whether s:url does the same thing for us. I was worried as it's not mentioned in the documentation link I provided above.
Yes, struts2 will do this too. Simply disable cookies and you should see a session id is put into the url (when using s:a tags, I have not tested url tags). I'm glad you added clarification because this is url writing. Url rewriting is done as urls come into the server, where they are then rewritten by certain rules, generally so they get directed to the right place within the server (which is not at all what is happening here).
Edit: Thanks to Daud, the correct term is url-rewriting. This is because session management is handled at the container level; although struts2 can manipulate what the session contains, it is the container which provides the session via a "session manager" object and determines how persistence is best managed (including generating the jSession Id).
For details on this for glassfish: http://docs.oracle.com/cd/E18930_01/html/821-2418/beaha.html#beahf
For details on this for tomcat: http://tomcat.apache.org/tomcat-7.0-doc/config/manager.html#Disable_Session_Persistence
For other containers simply google: Container_Name + "session manager"
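The answers above describe the container appending the session id to URLs when cookies are unavailable. As an added example (not code from any of the posts), this servlet filter keeps the id out of URLs regardless of container. It assumes the javax.servlet API and an application that requires cookies; the class name is hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Added example: keeps the session id out of every URL the application emits.
// Assumes the javax.servlet API (Servlet 3.0+ for @WebFilter; on older
// containers declare the filter in web.xml instead).
@WebFilter("/*")
public class NoUrlSessionIdFilter implements Filter {

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;

        // A session id that arrived in the URL may have leaked through a
        // Referer header, a log or a shared link: end that session.
        if (req.isRequestedSessionIdFromURL()) {
            HttpSession s = req.getSession(false);
            if (s != null) {
                s.invalidate();
            }
        }

        // Tags such as c:url build their output with encodeURL(); returning
        // the URL unchanged stops ";jsessionid=..." from being appended.
        HttpServletResponse noRewrite =
                new HttpServletResponseWrapper((HttpServletResponse) rs) {
            @Override public String encodeURL(String url) { return url; }
            @Override public String encodeRedirectURL(String url) { return url; }
        };
        chain.doFilter(req, noRewrite);
    }
}
```

With this filter in place, a browser that refuses cookies gets a new session on every request instead of a session id in its address bar.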

How to disable default servlet container session?

In J2EE web application, how do I disable the default HttpSession creation?
We have our own way of tracking sessions; we don't use the default jsp/servlet session, but the default session sets a cookie in the browser, which I would like to avoid. Right now on every JSP page we specify session="false" in the page directive, but often some developers miss this part, so I am trying to find a common place where I can control default session.
I am trying to find a common place where I can control default session.
The answer is servletcontainer specific since that's the one responsible for session creation and management. The standard Servlet API isn't responsible for that. It's unclear which servletcontainer you're using, so here's a Tomcat targeted answer: create your own <Manager>.
Alternatively, you can also entirely disable cookie support and rely on URL rewriting only (but not do it). This way sessions won't survive among requests. You can do this in, for example, Tomcat by setting the cookie attribute of the <Context> element to false.
If you're using another servletcontainer, then you need to consult its documentation based on the newly learnt information and keywords here above, or just to mention here which one it is.

Java Database Connectivity (JDBC) session handling?

I am using MySql 5
Hi, I am using/starting to learn JDBC. Well, I got stuck here: after a user is authenticated, I would like to start/generate the session for the user. How do I do that?
In php, I know, we can start by using the "start_session()" function. Is there any similar function in JDBC?
If there is no such kind of function, how do we create/start a session? I am really new to JDBC, so this question may sound stupid to you all, but I really can't find the answer on the internet and that's why I ask this question here. (My best resource)
Oh ya, btw, if it's possible, can you include in the answer about the session destroy/delete as well? Thanks in millions
EDIT
Okay, looks like this question is a bit too easy (or too tough??). Maybe I could try this one: is there any other way that java can uniquely identify a logged-in user besides using a session??
start_session in php creates a user session if it does not exist.
In the Java web app we have an HttpSession class whose instance is created by doing:
request.getSession(boolean)
This call: gets the current valid session associated with this request, if create is false, or, if necessary, creates a new session for the request, if create is true.
This has nothing to do with JDBC calls - that are mainly related to connection establishment and execution of queries.
Assuming you are talking in the context of a web application: there is a session provided by the Servlet container. You authenticate the user and set the credentials in the session of that user, to re-use whenever necessary, for example to know the privileges of the user etc.
Regarding JDBC, we usually go with connection pooling mechanism. So, it has nothing to do with the HTTP session of the user. We get the connection from the pool, and place it back once done. If you need to manage transaction or something you can look into JTA.
[Edited]
Try to look at the code of this Simple Login application. I am sure it will help.
Maybe the JDBC programming model doesn't look quite the same as php.
Have you tried tutorials such as this? Note the use of Statements and ResultSets. You don't see a "Session".
JDBC is only about interacting with databases (and things that look like them); the concept of a user session doesn't have anything to do with interacting with a database.
As the user Vinegar has suggested, if you are doing Java web development, there is a session implementation available.
I suggest you provide more info on what you are doing and if that includes some sort of web development (I'm assuming yes, since you come from a PHP background).
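What the answers above describe, as an added example rather than code from any of the posts: JDBC only checks the credentials, while the HttpSession is created on login and destroyed on logout. The users table, the jdbc/appdb DataSource name, the /home path and the PBKDF2 parameters are assumptions; the code uses the javax.servlet API.

```java
import java.io.IOException;
import java.security.MessageDigest;
import java.sql.*;
import javax.annotation.Resource;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;
import javax.sql.DataSource;
// Added example. Assumed table: users(id, name, salt, pw_hash) with PBKDF2 hashes.
@WebServlet(urlPatterns = {"/login", "/logout"})
public class AuthServlet extends HttpServlet {
    @Resource(name = "jdbc/appdb") private DataSource pool;   // hypothetical pooled DataSource

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession old = req.getSession(false);   // false: look up, never create
        if (old != null) old.invalidate();         // logout; also drops a pre-login id
        if ("/logout".equals(req.getServletPath())) {
            resp.sendRedirect(req.getContextPath() + "/");
            return;
        }
        Long userId = authenticate(req.getParameter("user"), req.getParameter("password"));
        if (userId == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        req.getSession(true).setAttribute("userId", userId);  // true: create the session
        resp.sendRedirect(req.getContextPath() + "/home");
    }

    // JDBC only verifies the credentials; close() hands the connection back to the pool.
    private Long authenticate(String user, String password) throws IOException {
        if (user == null || password == null) return null;
        String sql = "SELECT id, salt, pw_hash FROM users WHERE name = ?";
        try (Connection c = pool.getConnection(); PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, user);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) return null;
                byte[] expected = rs.getBytes("pw_hash");
                PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), rs.getBytes("salt"), 210_000, expected.length * 8);
                byte[] actual = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
                return MessageDigest.isEqual(expected, actual) ? rs.getLong("id") : null;
            }
        } catch (SQLException | java.security.GeneralSecurityException e) {
            throw new IOException("credential check failed", e);
        }
    }
}
```

Invalidating any existing session before creating the authenticated one means the browser gets a session id that was never visible before login.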
