#658

Supressing URL rewriting for jesessionid from Lift

    • Created on: Sat, Sep 25 2010 (over 1 year ago)
    • Reported by: c.henkelmann
    • Assigned to: dpp
    • Milestone: -
    • Type: Enhancement
    • Status: Fixed
    • Priority: Lowest (5)
    • Component: Common
    • Estimate: None/Small/Medium/Large None
    • Required Documentation: Example Code
    The Java Servlet Specification 3.0, section 7.1.3, defines a fallback mechanism for maintaining a session with clients with disabled/unsupported cookies by rewriting urls.
    This mechanism however has a number of drawbacks listed here:
    http://randomcoder.com/articles/jsessionid-considered-harmful

    The above Link also contains an example of how to disable url rewriting using a servlet filter.
    Switching url rewriting off in lift would be a nice feature for many Lift Users.
    This could for example be achieved by adding the functionality described in the above link to the LiftFilter and
    making it configurable in LiftRules, e.g. like this:
    LiftRules.jsessionUrlRewriting = false
  • Followers
     
    Ico-users dpp (Assigned To) , c.henkelmann 
     
    Attachments
    No attachments
    Associations
     
    No associations
    Activity
     
    User picture

          on Sep 28, 2010 @ 08:22pm UTC * By dpp

    Assigned to set to dpp
    Status changed from New to Accepted
    User picture

          on Sep 28, 2010 @ 08:22pm UTC * By dpp

    Milestone set to 2.2-M2
    User picture

          on Dec 01, 2010 @ 06:32pm UTC * By dpp

    Milestone changed from 2.2-M2 to -none-
    User picture

          on Dec 05, 2010 @ 07:35pm UTC * By dpp

    Status changed from Accepted to Fixed
    /**
    • Should the JSESSIONID be encoded in the URL if cookies are
    • not supported
    */
    @volatile var encodeJSessionIdInUrl_? = false
    Time Expenditure
    Loading