disabled cookies and URL rewriting

We have a form we are maintaining through OpenText WEM v8.1 and displaying via DSM. We are taking into account we may have users who have their cookies disabled when filling the form. Because are are submitting to a servlet on a different server, we are using the response.sendRedirect. In order to pass the jsessionid, we are using encodeRedirectURL to append the jsessionid if needed. However, we cannot get this jsessionid to ever append to the url. Has anyone ever tried to append the jsessionid to the url? Is there a limitation in opentext that precludes the url from being rewritten to include jsessionid?

Thanks!!

Find more posts tagged with

Comments

William_Thayer

A code snippet would help, can you send that? Also, what is the app server? And are there any log entries after running a test?

Will Thayer

On Thu, May 16, 2013 at 8:13 AM, eLink Entry: Discussion Group - Web Experience Management <v7webcontentmanagement@elinkkc.opentext.com> wrote:

disabled cookies and URL rewriting Posted byhowellc@franklin.edu (Howell, Christine)On 05-16-2013 09:58

We have a form we are maintaining through OpenText WEM v8.1 and displaying via DSM. We are taking into account we may have users who have their cookies disabled when filling the form. Because are are submitting to a servlet on a different server, we are using the response.sendRedirect. In order to pass the jsessionid, we are using encodeRedirectURL to append the jsessionid if needed. However, we cannot get this jsessionid to ever append to the url. Has anyone ever tried to append the jsessionid to the url? Is there a limitation in opentext that precludes the url from being rewritten to include jsessionid? Thanks!!
[To post a comment, use the normal reply function]
Forum: Discussion Group - Web Experience Management
Content Server: Knowledge Center

Will Thayer
Principal Consultant | Avalon Consulting, LLC
P: 720 480 2163 | M: 720 480 2163

William_Thayer

A code snippet would help, can you send that? Also, what is the app server? And are there any log entries after running a test?

Will Thayer

On Thu, May 16, 2013 at 8:13 AM, eLink Entry: Discussion Group - Web Experience Management <v7webcontentmanagement@elinkkc.opentext.com> wrote:

disabled cookies and URL rewriting Posted byhowellc@franklin.edu (Howell, Christine)On 05-16-2013 09:58

We have a form we are maintaining through OpenText WEM v8.1 and displaying via DSM. We are taking into account we may have users who have their cookies disabled when filling the form. Because are are submitting to a servlet on a different server, we are using the response.sendRedirect. In order to pass the jsessionid, we are using encodeRedirectURL to append the jsessionid if needed. However, we cannot get this jsessionid to ever append to the url. Has anyone ever tried to append the jsessionid to the url? Is there a limitation in opentext that precludes the url from being rewritten to include jsessionid? Thanks!!
[To post a comment, use the normal reply function]
Forum: Discussion Group - Web Experience Management
Content Server: Knowledge Center

Will Thayer
Principal Consultant | Avalon Consulting, LLC
P: 720 480 2163 | M: 720 480 2163

Christine_Howell

Thanks for responding! Here is what we are doing:

In jsp form:

<c:url value="http://mcqalx12.qa.mc.franklin.edu:8080/degree-info/processinquiry" var="gotoservlet" />

<form class="validate" action="<c:out value="${gotoservlet}" escapeXml="false" />"

In servlet:

url = confirm +

"?status=" + status +

"&dest=" + dest +

"&name=" + name +

"&prog=" + prog +

"&content=" + content +

"&guid=" + guid +

"&prev=" + prev +

"&acadLevel=" + acadLevel +

"&cca=" + cca +

"&intl=" + intl +

"&mil=" + mil +

"&loc=" + loc_code;

String newurl = res.encodeRedirectURL(url);

log.debug("final url is..."+newurl);

res.sendRedirect(newurl);

return;

The confirm is the url that we wish to redirect to from the servlet.

The form action in the jsp is submitted to the servlet which then redirects to the confirmation page. The form and confirmation pages are on one server which is the dsm delivery stage and the servlet is on a different server hence the redirects rather than forwards. I hope this helps.

Thanks!

William_Thayer

add a line to the servlet log for checking the url without encoding it.

log.debug("url is..." + url);

Not sure the encoded url log is going to help troubleshoot. Also, try to res.sendRedirect(url) unencoded and see if it that works. With that, you'll pinpoint the encode as an issue. Otherwise, there's a redirect issue because of the distributed servers.

On Thu, May 16, 2013 at 10:20 AM, eLink Entry: Discussion Group - Web Experience Management <v7webcontentmanagement@elinkkc.opentext.com> wrote:

Re disabled cookies and URL rewriting Posted byhowellc@franklin.edu (Howell, Christine)On 05-16-2013 12:18

Thanks for responding! Here is what we are doing: In jsp form: <c:url value="http://mcqalx12.qa.mc.franklin.edu:8080/degree-info/processinquiry" var="gotoservlet" />

<form class="validate" action="<c:out value="${gotoservlet}" escapeXml="false" />"

In servlet:

url = confirm +

"?status=" + status +

"&dest=" + dest +

"&name=" + name +

"&prog=" + prog +

"&content=" + content +

"&guid=" + guid +

"&prev=" + prev +

"&acadLevel=" + acadLevel +

"&cca=" + cca +

"&intl=" + intl +</div>
"&mil=" + mil +

"&loc=" + loc_code;

String newurl = res.encodeRedirectURL(url);

log.debug("final url is..."+newurl);

res.sendRedirect(newurl);

return;

The confirm is the url that we wish to redirect to from the servlet.

The form action in the jsp is submitted to the servlet which then redirects to the confirmation page. The form and confirmation pages are on one server which is the dsm delivery stage and the servlet is on a different server hence the redirects rather than forwards. I hope this helps.

Thanks!
[To post a comment, use the normal reply function]
Topic: disabled cookies and URL rewriting
Forum: Discussion Group - Web Experience Management
Content Server: Knowledge Center

Will Thayer
Principal Consultant | Avalon Consulting, LLC
P: 720 480 2163 | M: 720 480 2163

Christine_Howell

I updated the logging to reflect the url before and after:

14:12:36 DEBUG InquiryServlet - before encodeRedirectURL is...http://cms.franklin.edu/wwwfranklinedu/confirm/inquiry?status=ug-ovc&dest=acct&name=jiojgoeip&prog=BSADB&content=false&guid=d0731ac7b60a8310VgnVCM1000001e09000aRCRD&prev=true&acadLevel=undergrad&cca=false&intl=false&mil=false&loc=200

14:12:36 DEBUG InquiryServlet - after encodedRedirectURL is...http://cms.franklin.edu/wwwfranklinedu/confirm/inquiry?status=ug-ovc&dest=acct&name=jiojgoeip&prog=BSADB&content=false&guid=d0731ac7b60a8310VgnVCM1000001e09000aRCRD&prev=true&acadLevel=undergrad&cca=false&intl=false&mil=false&loc=200

As you can see, there is no difference. Cookies are definitely disabled.

Christine_Howell

I also changed it to submit the unencoded URL and got the exact same results.

I have tried several things to get the url to be rewritten but have had no luck.

William_Thayer

So is it accurate to say that the submit page and the servlet appear to working correctly? and the confirmation page isn't picking up the session? are you logging on the confirmation page to test what it's getting.

I don't think there should be a problem with what you're doing, just a matter of finding it and I think it might be the confirm page.

On Thu, May 16, 2013 at 12:35 PM, eLink Entry: Discussion Group - Web Experience Management <v7webcontentmanagement@elinkkc.opentext.com> wrote:

Re Re disabled cookies and URL rewriting 2 Posted byhowellc@franklin.edu (Howell, Christine)On 05-16-2013 14:31

I also changed it to submit the unencoded URL and got the exact same results. I have tried several things to get the url to be rewritten but have had no luck.
[To post a comment, use the normal reply function]
Topic: disabled cookies and URL rewriting
Forum: Discussion Group - Web Experience Management
Content Server: Knowledge Center

Will Thayer
Principal Consultant | Avalon Consulting, LLC
P: 720 480 2163 | M: 720 480 2163

William_Thayer

I don't think there should be a problem with what you're doing, just a matter of finding it and I think it might be the confirm page.

On Thu, May 16, 2013 at 12:35 PM, eLink Entry: Discussion Group - Web Experience Management <v7webcontentmanagement@elinkkc.opentext.com> wrote:

Re Re disabled cookies and URL rewriting 2 Posted byhowellc@franklin.edu (Howell, Christine)On 05-16-2013 14:31

I also changed it to submit the unencoded URL and got the exact same results. I have tried several things to get the url to be rewritten but have had no luck.
[To post a comment, use the normal reply function]
Topic: disabled cookies and URL rewriting
Forum: Discussion Group - Web Experience Management
Content Server: Knowledge Center

Will Thayer
Principal Consultant | Avalon Consulting, LLC
P: 720 480 2163 | M: 720 480 2163

Christine_Howell

That is correct. However, until the servlet can append the jsessionid, the confirmation page will never get the correct session. The only session I really care about is the session in the servlet and that being passed to the confirmation page. The fact that I don't see the jsessionid being appended to the servlet makes me wonder. I can't quite find what I am doing wrong. I am looking at all possible scenarios. I don't see how the form or confirmation page can be the problem if the servlet itself isn't appending it. I have searched long and hard to no avail. Thanks so much for your assistance.

Christine_Howell

Another odd example...

This servlet is invoked by the form within the application itself (the original) before we switched over to CMS to maintain the form.

For the form that is in the same server as the servlet (original form), the jsessionid is successfully appended.

16:02:42 DEBUG InquiryServlet - before encodeRedirectURL is...confirm.jsp?status=ug-ovc&dest=default&name=jiojgoeip&prog=ACCTB&content=false&prev=true&acadLevel=undergrad&cca=false&intl=false&mil=false&loc=200

16:02:42 DEBUG InquiryServlet - after encodedRedirectURL is...confirm.jsp;jsessionid=F8DCC4CCA7A4B9E242081CBB82CBF3FC?status=ug-ovc&dest=default&name=jiojgoeip&prog=ACCTB&content=false&prev=true&acadLevel=undergrad&cca=false&intl=false&mil=false&loc=200

For the form that is on a different server from the servlet, the jsessionid is not successfully appended.

16:06:45 DEBUG InquiryServlet - before encodeRedirectURL is...http://cms.franklin.edu/wwwfranklinedu/confirm/inquiry?status=ug-ovc&dest=acct&name=jiojgoeip&prog=BSADA&content=false&guid=d0731ac7b60a8310VgnVCM1000001e09000aRCRD&prev=true&acadLevel=undergrad&cca=false&intl=false&mil=false&loc=200

16:06:45 DEBUG InquiryServlet - after encodedRedirectURL is...http://cms.franklin.edu/wwwfranklinedu/confirm/inquiry?status=ug-ovc&dest=acct&name=jiojgoeip&prog=BSADA&content=false&guid=d0731ac7b60a8310VgnVCM1000001e09000aRCRD&prev=true&acadLevel=undergrad&cca=false&intl=false&mil=false&loc=200

Obviously, one major difference is that one is relative while the other is full url. I don't see how that would make a difference.

Francisco_Chicharro

Hi,

so you have a .jsp file in a web app. "A" running on an application server "X". From that .jsp you are submitting a form using GET to a serlvet that is running on a different web app. "B" on a different application server "Y". From that servlet you are redirecting to another .jsp that is on the first webapp "A" and application server "X". Am I right?

The jsessionid parameter is added by the application server when cookies are disabled and you perform a request to the same application server and normally to the same webapp. If I understood well, you are redirecting from the servlet to a different application server and webapp, so the jsessionid will never be appended.

I'm attaching the souce of the Response class in Tomcat, this class is the implementation of the ServletResponse implementation of Tomcat. I'm pasting below the javadoc of the isEncodeable method. This method is invoked from the encodeURL(), to decide whether the jsessionid must be appended to the url or not. Among other checks it verifies that the protocol (scheme), host, port, and context are the same in the request and the url to redirect.

/*** Return <code>true</code> if the specified URL should be encoded with* a session identifier. This will be true if all of the following* conditions are met:* <ul>* <li>The request we are responding to asked for a valid session* <li>The requested session ID was not received via a cookie* <li>The specified URL points back to somewhere within the web* application that is responding to this request* <li>If URL rewriting hasn't been disabled for this context* </ul>** @param location Absolute URL to be validated*/protected boolean isEncodeable(final String location) { Kind Regards,Francisco

De: eLink Entry: Discussion Group - Web Experience Management [v7webcontentmanagement@elinkkc.opentext.com]
Enviado el: jueves, 16 de mayo de 2013 22:24
Para: eLink Recipient
Asunto: Re Re Re disabled cookies and URL rewriting 2 2

Re Re Re disabled cookies and URL rewriting 2 2

Posted by howellc@franklin.edu (Howell, Christine) On 05-16-2013 16:23

Another odd example...This servlet is invoked by the form within the application itself (the original) before we switched over to CMS to maintain the form. For the form that is in the same server as the servlet (original form), the jsessionid is successfully appended. 16:02:42 DEBUG InquiryServlet - before encodeRedirectURL is...confirm.jsp?status=ug-ovc&dest=default&name=jiojgoeip&prog=ACCTB&content=false&prev=true&acadLevel=undergrad&cca=false&intl=false&mil=false&loc=200

For the form that is on a different server fr om the servlet, the jsessionid is not successfully appended.

Obviously, one major difference is that one is relative while the other is full url. I don't see how that would make a difference.

[To post a comment, use the normal reply function]
Topic:	disabled cookies and URL rewriting
Forum:	Discussion Group - Web Experience Management
Content Server:	Knowledge Center

Response.java

Francisco_Chicharro

I forgot to mention that a possible solution to your issue is writing a Response Wrapper with your own implementation of encodeURL method to ensure that jsessionid is always appended.

De: Francisco Chicharro
Enviado el: viernes, 17 de mayo de 2013 10:05
Para: MzU3MjU2NzcA@elinkkc.opentext.com
Asunto: RE: Re Re Re disabled cookies and URL rewriting 2 2

Hi,

Re Re Re disabled cookies and URL rewriting 2 2

Posted by howellc@franklin.edu (Howell, Christine) On 05-16-2013 16:23

For the form that is on a different server fr om the servlet, the jsessionid is not successfully appended.

Obviously, one major difference is that one is relative while the other is full url. I don't see how that would make a difference.

[To post a comment, use the normal reply function]
Topic:	disabled cookies and URL rewriting
Forum:	Discussion Group - Web Experience Management
Content Server:	Knowledge Center