Loading ...
Sorry, an error occurred while loading the content.

Changing Session-IDs

Expand Messages
  • Tilman Hausherr
    Is there anyone who has trouble with changing Session-IDs? I wonder if I should write a short text in the FAQ. ==== A properly programmed servlet puts the
    Message 1 of 3 , Oct 15, 2010
    • 0 Attachment
      Is there anyone who has trouble with changing Session-IDs? I wonder if I
      should write a short text in the FAQ.

      ====

      A properly programmed servlet puts the session ID in a cookie, or in the
      URL, depending whether cookies are enabled on the client or not. If they
      are disabled (as they are in Xenu by default), the server should
      automatically use URL-Rewriting, like this:

      http://localhost:8084/Servlet/;jsessionid=10038C0FF937DF9F3EAF0A4CAA7DBE6D

      To prevent having a new session generated for each new URL, *all*
      internal links must be generated dynamically.

      In Java servlets, this is done with HttpServletResponse.encodeURL(),
      which will either change the URL or leave it as it is.

      In JSP, you can use the JSP Standard Tag Library:

      <a href="<c:url value='funstuff'/>">Click here for fun</a>

      of course you can still do it the hard way:

      <a href="<%=response.encodeURL("funstuff")%>">Click here for fun</a>


      I don't use .php or .asp. If anyone knows, point me to an URL that
      explains a simple way to so that the webmaster doesn't have to know
      whether cookies are enable or not.

      Tilman
    • Jan Hendrik
      Concerning [xenu-usergroup] Changing Session-I ... Not sure if these chapters from the PHP manual have what you need, but anyway they might be a start:
      Message 2 of 3 , Oct 16, 2010
      • 0 Attachment
        Concerning [xenu-usergroup] Changing Session-I
        Tilman Hausherr wrote on 15 Oct 2010, 23:11, at least in part:

        > I don't use .php or .asp. If anyone knows, point me to an URL that
        > explains a simple way to so that the webmaster doesn't have to know
        > whether cookies are enable or not.

        Not sure if these chapters from the PHP manual have what you
        need, but anyway they might be a start:

        http://php.net/manual/en/book.session.php

        http://php.net/manual/en/ref.session.php

        Best regards,

        JH
        ---------------------------------------
        Freedom quote:

        "There's no place out there for graft or greed or lies
        or compromise with human liberties.
        -- James Stewart as Jefferson Smith in
        "Mr. Smith goes to Washington" by Frank Capra, 1939
      • Tilman Hausherr
        Thanks, I see that this URL http://www.php.net/manual/en/session.idpassing.php seems to describe what to do (using the SID constant). I haven t tested it
        Message 3 of 3 , Oct 16, 2010
        • 0 Attachment
          Thanks, I see that this URL
          http://www.php.net/manual/en/session.idpassing.php
          seems to describe what to do (using the SID constant). I haven't tested
          it myself.

          Tilman

          On Sat, 16 Oct 2010 20:49:11 +0200, Jan Hendrik wrote:

          >Concerning [xenu-usergroup] Changing Session-I
          >Tilman Hausherr wrote on 15 Oct 2010, 23:11, at least in part:
          >
          >> I don't use .php or .asp. If anyone knows, point me to an URL that
          >> explains a simple way to so that the webmaster doesn't have to know
          >> whether cookies are enable or not.
          >
          >Not sure if these chapters from the PHP manual have what you
          >need, but anyway they might be a start:
          >
          >http://php.net/manual/en/book.session.php
          >
          >http://php.net/manual/en/ref.session.php
          >
          >Best regards,
          >
          >JH
          >---------------------------------------
          >Freedom quote:
          >
          > "There's no place out there for graft or greed or lies
          > or compromise with human liberties.
          > -- James Stewart as Jefferson Smith in
          > "Mr. Smith goes to Washington" by Frank Capra, 1939
          >
          >
          >
          >------------------------------------
          >
          >Yahoo! Groups Links
          >
          >
          >
        Your message has been successfully submitted and would be delivered to recipients shortly.