4 Replies Latest reply on Apr 18, 2002 5:17 AM by jules_gosnell

http session using id problem jboss3.0.0beta

jmcdg Apr 16, 2002 7:57 AM

We have recently changed to jboss-3.0.0beta from JBoss-2.4.4_Jetty-3.1.3-1.

The http session, with cookies disabled, and urls encoded does not seem to be kept any more. The urls are encoded fine with the jsessionid, however the session is always lost between pages. Can anyone help?

Also, is there a newer version of the jetty-plugin.sar available now compared to the one in jboss-3.0.0beta?

1. Re: http session using id problem jboss3.0.0beta

jules_gosnell Apr 16, 2002 10:02 AM (in response to jmcdg)

If you are not using it try this:

http://prdownloads.sourceforge.net/jboss/jboss-3.0.0RC1.zip

re the session id problem - what browser are you using ?

Jules
Actions
2. Re: http session using id problem jboss3.0.0beta

jmcdg Apr 17, 2002 8:04 AM (in response to jmcdg)

Yes I am using the jboss-3.0.0RC1.

But I found the problem. The urls are of the form http://host/;jsessionId=blahblah?x=1

- they are all going to the index.jsp.

however when the url is
http://host/index.jsp;jsessionId=blahblah?x=1

the session works - so there is a small problem with session ids in urls not working when requesting an index file - as in the first url above. But thats ok for my problem.
Actions
3. Jetty Fix (Need to be checked)

g_andre Apr 17, 2002 2:23 PM (in response to jmcdg)

I investigated the url jsessionid problem further. Now I can explain it and I have got a fix.

This is the handlers being called when using a jsessionid url like in http://localhost:8080/;jsessionid=1019065300368

1 HttpServer.service handling i=0
2 HttpContext.handle pathParams=jsessionid=1019065300368 url=/
3 JBossWebApplicationContext$JBossSXSecurityHandler
4 SecurityHandler
5 WebApplicationContext$WebInfProtect
6 FilterHandler completed
7 ServletHandler
8 ResourceHandler pathParams=null !!! url=/index.jsp
9 JBossWebApplicationContext$JBossSXSecurityHandler
10 SecurityHandler
11 WebApplicationContext$WebInfProtect
11 ServletHandler

At step 7 nothing happens because getHolderEntry( pathInContext ) returns null which means / is not one of the context path( is it correct? ).

At step 8 the ressourceHandler replaces / by index.jsp but set pathParam to null ( Therefore definitely losing the session id ) and restart the whole process.
These are the ResourceHandler methods involved ( in ResourceHandler.java ).
public void handle(String pathInContext,String pathParams,HttpRequest request,HttpResponse response)
which calls ( note that pathParams is missing )
public void handleGet(HttpRequest request,HttpResponse response,String pathInContext,Resource resource,boolean endsWithSlash)
which calls( path param is now null )
getHttpContext().handle(0,ipath , null , request , response);

Now the fix:
still in ResourceHandler.java

- Add the pathParam parameter to handleGet and modify the handle call
public void handleGet(HttpRequest request,HttpResponse response,String pathInContext , String pathParam ,Resource resource,boolean endsWithSlash)
...
getHttpContext().handle(0,ipath , pathparam, request , response);

- Modify the method call in handle:
handleGet(request, response, pathInContext , pathParams , resource, endsWithSlash);

I was also wondering if it would be better to always call ResourceHandler before ServletHandler therefore reducing the number of handler calls.

Any feedback welcome :)
Actions
4. Re: Jetty Fix (Need to be checked)

jules_gosnell Apr 18, 2002 5:17 AM (in response to jmcdg)

I've forwarded this to jetty-discuss@yahoogroups.com.

You should follow this list if you want to track it's progress.

Thanks for spending time on this.

Jules
Actions

Go to original post