ops4j / org.ops4j.pax.web

OSGi R7 Http Service, Whiteboard and Web Applications (OSGi CMPN Release chapters 102, 140 and 128) implementation using Jetty 9, Tomcat 9 or Undertow 2.
https://ops4j1.jira.com/wiki/display/paxweb/Pax+Web

Allow disabling session cookies via org.ops4j.pax.web.session.cookie [PAXWEB-427] #760

Closed ops4j-issues closed 12 years ago

ops4j-issues commented 12 years ago

Markus Knauer created PAXWEB-427

In order to support multiple browser tabs in Eclipse RAP, we need to disable the session cookies and use URL rewriting instead (see the following entry in our FAQ: http://wiki.eclipse.org/RAP/FAQ#How_to_run_a_RAP_application_in_multiple_browser_tabs.2Fwindows.3F)

Unfortunately our usual way to disable the session cookies does not work with Pax Web. But then we found two very promising configuration properties, but - again unfortunately - it is not possible to use "org.ops4j.pax.web.session.cookie" for disabling session cookies. It looks promising at first glance, but behaves differently to "org.ops4j.pax.web.session.url".

From my point of view it should be possible to disable the session cookies by setting

org.ops4j.pax.web.session.cookie=null (or "none")

This would be a symmetrical behaviour and is somehow expected.

I'd like to contribute a patch to

org.ops4j.pax.web.service.jetty.internal.JettyServerWrapper.configureSessionManager()

that allows disabling session cookies.

A similar request has been discussed on the mailing list, but no action was taken back then:
http://mail-archives.apache.org/mod_mbox/karaf-user/201205.mbox/%3CCAD0r13eF88cRcej7ZqnoFKpQLND8b_ZtdxuuaDpDBfVd+Q92uA@mail.gmail.com%3E


Affects: 1.0.11
Fixed in: 2.1.1, 3.0.0.M1, 3.0.0

Votes: 0, Watches: 0

ops4j-issues commented 12 years ago

Markus Knauer commented

I should add that we are currently integrating Eclipse RAP into Karaf.

ops4j-issues commented 12 years ago

Achim Nierbeck commented

Of course we are always thankful for "code"-support :smile:

So what is the "usual way" of disabling cookies?
Do we miss something there, for example is there a special way in the web-extender that doesn't work?

ops4j-issues commented 12 years ago

Markus Knauer commented

In Eclipse RAP we are providing a fragment that configures the Jetty session manager to not use cookies. Using a bundle fragment does work with the Jetty that is provided from the Jetty project at eclipse.org, but it doesn't work with the Jetty bundled by Pax Web, because this solution uses the bundle org.eclipse.equinox.http.jetty internally.

(E.g. this is the code that we are using in RAP: http://git.eclipse.org/c/rap/org.eclipse.rap.git/tree/bundles/org.eclipse.rap.jettycustomizer/src/org/eclipse/rap/jettycustomizer/internal/SessionCookieCustomizer.java)

Disabling the cookie behaviour is made possible with the following public method from Jetty:

org.eclipse.jetty.server.session.AbstractSessionManager.setUsingCookies(boolean)

I see two possible ways to integrate a similar behaviour in Pax Web:

  1. Expose this setUsingCookies API with an additional configuration property, e.g. org.ops4j.pax.web.session.usingCookies = false.
  2. Call setUsingCookies(false) internally in JettyServerWrapper.configureSessionManager() if org.ops4j.pax.web.session.cookie = none.

Personally, I'd vote for the second way, because it would be symmetrical to disabling URL rewriting, and that's probably what users expect.
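
A sketch of the second option above, added here as an example; it is not the patch attached to this issue and not Pax Web's own code. It assumes Jetty 8 or 9.0 to 9.3 on the classpath (the versions that ship `AbstractSessionManager`), the names `SessionTrackingExample`, `isDisabled` and `configure` are hypothetical, and it treats only the literal value `none` as "disabled", leaving Jetty's defaults in place when a property is not set.

```java
import org.eclipse.jetty.server.session.AbstractSessionManager;
import org.eclipse.jetty.server.session.HashSessionManager;

// Added example, not Pax Web code: class and method names are hypothetical.
public class SessionTrackingExample {

    // "none" switches a tracking mode off, mirroring how Jetty's
    // setSessionIdPathParameterName("none") disables URL rewriting.
    static boolean isDisabled(String value) {
        return value != null && "none".equalsIgnoreCase(value.trim());
    }

    // cookie / url stand for the values of org.ops4j.pax.web.session.cookie
    // and org.ops4j.pax.web.session.url; null means "property not set".
    static void configure(AbstractSessionManager sm, String cookie, String url) {
        if (isDisabled(cookie) && isDisabled(url)) {
            // With both modes off the client cannot return a session id.
            throw new IllegalArgumentException(
                "session cookie and URL rewriting are both set to none");
        }
        if (isDisabled(cookie)) {
            sm.setUsingCookies(false);            // no Set-Cookie for the session
        } else if (cookie != null) {
            sm.setUsingCookies(true);
            sm.getSessionCookieConfig().setName(cookie.trim());
        }
        if (url != null) {
            // Jetty itself maps "none" to "URL rewriting disabled".
            sm.setSessionIdPathParameterName(isDisabled(url) ? "none" : url.trim());
        }
    }

    public static void main(String[] args) {
        AbstractSessionManager sm = new HashSessionManager();
        configure(sm, "none", "jsessionid");      // the RAP multi-tab setup
        System.out.println("usingCookies=" + sm.isUsingCookies());
        System.out.println("urlParam=" + sm.getSessionIdPathParameterName());
    }
}
```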

ops4j-issues commented 12 years ago

Markus Knauer commented

I've attached a patch against master that allows disabling session cookies.

The same commit on master can be found here:
https://github.com/mknauer/org.ops4j.pax.web/commit/ff40bec75c463dcafac177128d66bd4fb2e27919

For branch pax-web-2.1.x I've created this patch:
https://github.com/mknauer/org.ops4j.pax.web/commit/31838d3c77bb37e31fa12f8cebf53d7ebc94f276

If org.ops4j.pax.web.session.cookie is set to "none" (or null), session cookies are disabled. I tested it in our scenario and it works as expected.

@Achim: How can we proceed from here? Ideally I'd like to have this ability in 2.1.x (we need it in Karaf).

ops4j-issues commented 12 years ago

Achim Nierbeck commented

@Markus, I added you to the team, feel free to apply those pull requests any time.
Welcome to the pack.

Regarding trunk, since I'm also working on integrating Tomcat as the underlying server, could you also open an issue for the Tomcat server, so we don't forget that something similar needs to be done there?

ops4j-issues commented 12 years ago

Achim Nierbeck commented

@Markus, you didn't pull the merge request yet, do you want me to do this? Also, an iTest for this would be really helpful, because we do have regressions for all kinds of things every now and then, and it's best to cover those with the itests.

ops4j-issues commented 12 years ago

Achim Nierbeck commented

I merged those pull requests, will try to add some additional itests for it later ...

ops4j-issues commented 12 years ago

Markus Knauer commented

Thanks, Achim, that helps us a lot!