Actually there's a much cleaner alternative described at
http://randomcoder.com/articles/jsessionid-considered-harmful

Just add a filter that wraps the current HttpServletResponse and overrides
the encodeUrl and encodeRedirectUrl so that they just return the passed
string - in that way, the container's code that adds the jsessionid is
never executed!

On Feb 7, 2008 9:38 PM, prelag <prelag@gmai...> wrote:
>
> The Problem
> When developing a web application that you want search engines to actually
> index correctly, it is important to have clean looking, "friendly", and
> descriptive links.  If you implement friendly urls (
> http://tapestry.apache.org/tapestry4.1/usersguide/friendly-urls.html
> http://tapestry.apache.org/tapestry4.1/usersguide/friendly-urls.html  ) and
> implement your own custom service encoder, then you solve half of this
> problem.
>
> The other half of the problem is the way that most application
> servers/servlet containers handle sessions.  The first time a client hits
> the server, the server will generate a new session.  Since the server does
> not know whether or not the client supports sessions it will attempt to
> create a session cookie and also append the jsession id to the end of every
> href url string.  For example, your links look like this:
> http://mydomain.com/product/111/Red+Bull+Injector;jsessionid=392a09sdf9as8df09asdf.
> That link looks great to a search engine indexer except for that ugly
> jsessionid that will really hurt the ability to achieve any sort of page
> rank/link popularity.
>
> The Solution
> In Tapestry there is a fairly easy way to overcome this.  Your pretty links
> should be ExternalLink components.  Here is what one of mine looks like:
> All of the parameters there should make sense if you have implemented
> friendly urls.  However, pay attention to renderer.  What the renderer
> parameter does is let you specify a custom ILinkRenderer to generate the
> string for this links url.  Remember, Tapestry itself does not append the
> jsessionid, that is done by the server, specifically when Tapestry calls the
> HTTPServletResponse.encode() method.
>
> In your page class create a method public CleanLinkRenderer
> getCleanLinkRenderer(){ return new CleanLinkRenderer(); }.  Now create a
> class CleanLinkRenderer that implements ILinkRenderer.  Here is my code, you
> can see where it strips out the jsessionid.  Please remember, I am simply
> stripping off the jsessionid, however you now have full control to write the
> url string exactly the way you want it.  This code is basically a cut/paste
> job of DefaultLinkRenderer except for the commented change.  Now you have
> full control over how your links are written.
>
> public class CleanLinkRenderer implements ILinkRenderer {
>
>     public static final ILinkRenderer SHARED_INSTANCE = new
> CleanLinkRenderer();
>
>     public void renderLink(IMarkupWriter writer, IRequestCycle cycle,
> ILinkComponent linkComponent)
>     {
>         IMarkupWriter wrappedWriter = null;
>
>         if (cycle.getAttribute(Tapestry.LINK_COMPONENT_ATTRIBUTE_NAME) !=
> null)
>             throw new ApplicationRuntimeException(
>                 Tapestry.getMessage("AbstractLinkComponent.no-nesting"),
>                 linkComponent,
>                 null,
>                 null);
>
>         cycle.setAttribute(Tapestry.LINK_COMPONENT_ATTRIBUTE_NAME,
> linkComponent);
>
>         boolean hasBody = getHasBody();
>
>         boolean disabled = linkComponent.isDisabled();
>
>         if (!disabled)
>         {
>             ILink l = linkComponent.getLink(cycle);
>
>             if (hasBody)
>                 writer.begin(getElement());
>             else
>                 writer.beginEmpty(getElement());
>
>             //////HEY EVERYONE THIS IS THE COMMENT I WAS TALKING ABOUT
>             //////HEY EVERYONE THIS IS THE COMMENT I WAS TALKING ABOUT
>             String myUrl = constructURL(l, linkComponent.getAnchor(),
> cycle);
>             myUrl = myUrl.split(";")[0]; //this is where it gets all the
> useful information before the ;jsessionid and ignores the rest
>             writer.attribute(getUrlAttribute(), myUrl);  //this sets the url
> string the the href attribute
>             //////HEY EVERYONE THIS IS THE COMMENT I WAS TALKING ABOUT
>             //////HEY EVERYONE THIS IS THE COMMENT I WAS TALKING ABOUT
>
>
>             beforeBodyRender(writer, cycle, linkComponent);
>
>             // Allow the wrapped components a chance to render.
>             // Along the way, they may interact with this component
>             // and cause the name variable to get set.
>
>             wrappedWriter = writer.getNestedWriter();
>         }
>         else
>             wrappedWriter = writer;
>
>         if (hasBody)
>             linkComponent.renderBody(wrappedWriter, cycle);
>
>         if (!disabled)
>         {
>             afterBodyRender(writer, cycle, linkComponent);
>
>             //linkComponent.renderAdditionalAttributes(writer, cycle);
>
>             if (hasBody)
>             {
>                 wrappedWriter.close();
>
>                 // Close the <element> tag
>
>                 writer.end();
>             }
>             else
>                 writer.closeTag();
>         }
>
>         cycle.removeAttribute(Tapestry.LINK_COMPONENT_ATTRIBUTE_NAME);
>     }
>
>     /**
>      *  Converts the EngineServiceLink into a URI or URL.  This
> implementation
>      *  simply invokes {@link ILink#getURL(String, boolean)}.
>      *
>      **/
>
>     protected String constructURL(ILink link, String anchor, IRequestCycle
> cycle)
>     {
>         return link.getURL(anchor, true);
>     }
>
>     /**
>      *  Invoked after the href attribute has been written but before
>      *  the body of the link is rendered (but only if the link
>      *  is not disabled).
>      *
>      *  <p>
>      *  This implementation does nothing.
>      *
>      **/
>
>     protected void beforeBodyRender(IMarkupWriter writer, IRequestCycle
> cycle, ILinkComponent link)
>     {
>     }
>
>     /**
>      *  Invoked after the body of the link is rendered, but before
>      *  {@link ILinkComponent#renderAdditionalAttributes(IMarkupWriter,
> IRequestCycle)} is invoked
>      *  (but only if the link is not disabled).
>      *
>      *  <p>
>      *  This implementation does nothing.
>      *
>      **/
>
>     protected void afterBodyRender(IMarkupWriter writer, IRequestCycle
> cycle, ILinkComponent link)
>     {
>     }
>
>     /** @since 3.0 **/
>
>     protected String getElement()
>     {
>         return "a";
>     }
>
>     protected String getUrlAttribute()
>     {
>         return "href";
>     }
>
>     protected boolean getHasBody()
>     {
>         return true;
>     }
> }
>
>
> Thanks for reading everyone!
>
>
> Martin Strand-2 wrote:
> >
> > I don't know for sure, but I think this is what's going on:
> > When the session is first created, a cookie is set and JSESSIONID is
> > appended to all links. If your browser doesn't send back the cookie, the
> > JSESSIONID will continue being appended to all links. If your browser
> > accepts the cookie and sends it back on the next request, the cookie will
> > be used instead to track the session id.
> > Initially, there's no way for the server to know whether your browser
> > accepts cookies or not, so it tries both.
> >
> > Martin
> >
> > On Sat, 25 Mar 2006 11:42:42 +0100, Andreas Bulling
> > <spam@phoe...> wrote:
> >
> >> Hi all,
> >>
> >> just a short question - I will see if the answer will also be that short,
> >> as I have no clue what's going wrong here I don't know... :(
> >>
> >> After logging in into my plattform (built with Tapestry) a JSESSIONID
> >> is appended to all links to the different subpages. But:
> >> As I can see a cookie is also created with the same JSESSIONID.
> >> From my understanding either a JSESSIONID _or_ a cookie is used
> >> to track the current session, isn't it? Why do I have both, any idea?
> >>
> >> The second strange thing is that after clicking on one of the
> >> links the JSESSIONID isn't appended to the links anymore?!
> >>
> >> Thanks for your help!
> >>   Andreas
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: tapestry-user-unsubscribe@jaka...
> >> For additional commands, e-mail: tapestry-user-help@jaka...
> >>
> >>
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tapestry-user-unsubscribe@jaka...
> > For additional commands, e-mail: tapestry-user-help@jaka...
> >
> >
> >
>
> --
> View this message in context: http://www.nabble.com/JSESSIONID-and-cookie-tp3585594p15341468.html
> Sent from the Tapestry - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tape...
> For additional commands, e-mail: users-help@tape...
>
>



--
Andreas Andreou - andyhot@apac... - http://blog.andyhot.gr
Tapestry / Tacos developer
Open Source / JEE Consulting

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tape...
For additional commands, e-mail: users-help@tape...