I am working on a website, where I am using Java/Java EE/struts.
When I request any page it shows me session id and all other stuff in URL. Will some one please help me how to get rid of. I am reading about URL rewriting. But I am not getting how to implement it.
Ex.
http://mywebsite.com/welcome.do;jsessionid=6E79E050360BAC1858CA7AC7974D75C7
I want it to be http://mywebsite.com/ only.
This is useful for SEO also.
I suggest you set the canonical URL instead if you are worried about SEO.
http://googlewebmastercentral.blogspot.com/2009/02/specify-your-canonical.html
Stripping the session id is useful for security and might be for SEO. Keeping the URL identical for all requests isn't.
You want a search engine to distinguish between the different pages of your site. Also you want people/sites to be able to link to a specific page on your website.
Related
The Servlet API resorts to URL rewriting if cookies are disabled.. and every URL that we provide in our JSPs must be inside c:url for this to be in effect. But, in Struts 2, there is an equivalent tag s:url, but its documentation says nothing about automatically adding url-rewriting information (if required) to the url. Is its behaviour similar in this regards to c:url, or do we have some other means to achieve the same effect in Struts 2 ?
I am using Struts 2.1 url tag reference from here
Clarification : In case that the user disables cookies, the other option is to append the jseesionid to each url that is there on the page. c:url handles that for us. My question is that whether s:url does the same thing for us. I was worried as its not mentioned in the documentation link I provided above.
Yes struts2 will do this too. Simply disable cookies and you should see a session id is put into the url (when using s:a tags, I have not tested url tags). I'm glad you added clarification because this is url writing. Url rewriting is done as urls come into the server, where they are then rewritten by certain rules generally so they get directed to the right place within the server(which is not at all what is happening here).
Edit: Thanks to Daud, the correct term is url-rewiting. This is because session management is handled by the container level, although struts2 can manipulate what the session contains, it is the container which provides the session via a "session manager" object and determines how persistence is best managed (including generating the jSession Id).
For details on this for glassfish: http://docs.oracle.com/cd/E18930_01/html/821-2418/beaha.html#beahf
For details on this for tomcat: http://tomcat.apache.org/tomcat-7.0-doc/config/manager.html#Disable_Session_Persistence
For other containers simply google: Container_Name + "session manager"
I have changed URL style of one of my websites to RESTful:
**Old URLs** **New URLs**
/article/all.ab /articles
/article/read.ab?id=345 /articles/345/title-of-my-article
Until the search engines re-index my website with new URLs, people will continue to see old URLs on search engines. If they come to my site with an old URL, they will get a 404.
I want to create a mechanism (by writing a controller, error handler or whatever) that would:
catch a request whose mapping was not found
check if there is a new URL mapped for this request path.
If new URL was found, redirect to that URL.
Else show "404 Page not found" page.
How can this be done?
You could use a rewrite utility like this URL Rewrite Filter to rewrite your URLs before they are processed by your dispatcher servlet. We are using this approach a lot for user-friendly URLs in our web applications and this filter helps a lot. Its functionality is a lot like Apache's mod_rewrite.
Of course, it would require you to adjust your web application and redeploy it. But the ruleset is very easy using regex matches on URLs and would also allow to send redirects to the client (if desired).
I have already built a site with a strong page ranking in Google, but I started with too many subdomains, so I've re-worked the code so that it can all be one a single domain.
I have created a separate app which ought to simply act as a filter, permenantly redirecting all requests made to sub1.mydomain.com/something?id=hi to anotherdomain.com/sub1/something?id=hi. What's the best way to do this? I've tried writing a servlet but it doesn't like the url-pattern /* and I have a feeling this ought to be done as a filter, but I can't get it to work like that either. What's the easiest way to do this in Java?
I just used a simple servlet doing a 301 redirect. To get the correct forwarding url, I ran a regex on the incoming url and altered it as needed.
I have my app engine project myproject.appspot.com hosted at myprojectsdomain.com. I want to permanently redirect all links at myprojectsdomain.com to brandNewDomain.com. I found the Java URL Rewrite filter at http://code.google.com/p/urlrewritefilter/ , but I'm not seeing the documentation on how to use this for a 301 redirect for changing the domain. All the examples seem to be for rewriting the url within the same domain, which doesn't do me much good in my current situation. Am I looking in the wrong places or is there a better way for me to permenantly redirect my Google App Engine Java project? Thanks!
Yes, you are looking at the wrong module. urlrewritefilter just changes the URL before your servlet gets to see it (but it still goes to that servlet). It does not do redirects.
You can implement this yourself, by mapping all URL to a single servlet, which just returns the redirect response (response.sendRedirect).
I would use OCPsoft Rewrite for this:
With Rewrite:
Here is how to do this using Rewrite, which is very configurable.
ConfigurationBuilder.begin()
.defineRule()
.when(Domain.matches("myprojectsdomain.com").and(Path.matches("/{1}")
.where("1").matches(".*")))
.perform(Redirect.permanent("http://brandNewDomain.com/{1}"));
I hope this helps, or at least gives ideas on how to do it with any Rewrite tool.
~Lincoln
I like to know if someone disables the cookies in my browser then cookies dont work for my browser then how can I do sessions in java. I am writing servlets for server side programming.
Then how does my sessions work? How does it recognize the user? As JSESSION ID is stored in cookies...
See HttpServletResponse encodeURL() and encodeRedirectURL().
These functions will rewrite your URLs appropriately to include the session information if the browser doesn't support cookies. Depending on what Java web framework you're using, these functions may be called automatically (as long as you use the framework's methods for writing URLs).
Note that this may not be desirable in all cases, due to the security and caching implications of making the session ID visible in the links. This page summarizes the issues much better than I can in this short space, and provides a way to disable this feature.
You need to append the jsessionid to all the URL's involved in your webapplication which are supposed to be invoked by the client. This includes the redirect URL's and the links in the JSP page.
In case of a redirect URL, you need to use HttpServletResponse#encodeRedirectURL() first:
response.sendRedirect(response.encodeRedirectURL("page.jsp"));
In case of links in a JSP page, you basically need to pass those URL's through HttpServletResponse#encodeURL() first. You can do this with help of JSTL's (just drop jstl-1.2.jar in /WEB-INF) <c:url> tag, it will behind the scenes pass the URL through the aforementioned method:
<%# taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
...
link1
link2
...
<form action="<c:url value="servlet" />" method="post">
...
</form>
If cookies are disabled, you can still maintain sessions by sending the value of JSESSIONID as a query parameter, like:
http://www.mywebsite.com/somePage?JSESSIONID=389729387392
Keep in mind that if security is a primary concern then you may not want to use this approach, as it puts the session id right into the url.
For reference, it's good to know that html5 introduces sessionStorage as part of Web Storage. There is a good article on 24ways.org introducing it: Breaking Out The Edges of The Browser.
Support:
Latest: Internet Explorer, Firefox, Safari (desktop & mobile/iPhone)
Partial: Google Chrome (only supports localStorage)
Not supported: Opera (as of 10.10)
HTML5 (including next generation additions still in development)
If cookies are disabled, most session providers append a URL parameter called JSESSIONID to maintain session state
As others have mentioned, you servlet container, e.g. tomcat, automatically resorts to putting the JSESSIONID in the url if the browser doesn't allow cookies. It is configurable in tomcat, as you can see in this answer.
My advice is that you simply try it. Take your web application as it is right now, without changes, and run it in your browser with cookies disabled, and see what happens.
The other answers are great; I don't need to repeat that. But I do have some additional comments.
Please don't put session data (the entire session) in a cookie, but only a session id, possibly hashed. It's way too easy for people to edit the contents of a cookie. Leave the session data on the server; possibly in a database if you have lots of concurrent users or sessions live very long.
If even the session id itself is very precious you could even put it in a POST parameter, thereby preventing that it occurs in the URL itself.
Look at the standard taglibs for JSP-pages, notably the <c:url> tag.
http://onjava.com/pub/a/pub/a/onjava/2002/05/08/jstl.html?page=2
I believe that it also handles the jsession-id attribute if cookies are not available.