The icon is missing. What does the URL come from with the jesssionid?

Recently, I was tossing about an old system , from IE Browser moved to Google browser . Of course, you can't move it directly , It mainly relies on a Google plug-in IETab, Partially incompatible Struts2/JSP The page menu adopts IETab open , A strange thing happened , Some icons on the page don't show up , The main positioning process and cause analysis are recorded below .

At the beginning , I noticed that some of the icons in the menus can't be implemented , But it is not necessary , Some menus are OK , So I didn't pay attention to this problem . Later others found out , Only in IETab Open some menus to .

Let's see the path of the request , The discovery icon is 404, The call path is a.gif;jessionid=xxxxx The format of . Indeed, this path will be in the current nginx Blocked under configuration , But I click to check , It is normal to brush the icon on the page . Fortunately, I did JSP/Servlet Of , I realize that this mechanism uses URL Override to pass the session id , stay Cookie This happens when the session ID does not exist .

Understand this , The whole process was quickly sorted out later . The outer path of this system is /a, adopt iframe Open the real menu path /b, First /b What opens here is a JSP page , This icon is in a JSP Generated on the tag , Generate URL It's time to call response.encodeURL, This could happen URL Rewriting . in addition ,IEtab The free version does not support opening IE Time transfer Cookie Information , Although we use certain means to Cookie Pass on to /a 了 , however /b Your conversation didn't come , So open /b When generating icon paths at the same time , And that's what happened URL rewrite .

In the past, there was no problem that the conversation could not be carried over , This also explains , Why IETab Then the problem became obvious .

This is an old application , Conversation is a must , The configuration cannot be moved casually , Finally, I made a small patch ： In the open /a When , First visit the page in advance /b A simple path to , such /b The session ID of has , Open the menu again and the icon will be displayed normally .

Although it is not popular now JSP 了 , but JSP Still quite powerful . The positioning process turned smoothly encodeURL stay tomcat The concrete realization of , Suddenly, I miss it again .

Source code tracking record

The main source code is org.apache.catalina.connector.Response.

@Override
public String encodeURL(String url) {
    ...
    if (isEncodeable(absolute)) {
        ...
        return toEncoded(url, request.getSessionInternal().getIdInternal());
    }
    ...
}

The core method logic is in these two paragraphs ,isEncodeable Judge whether it is right URL code ,toEncoded Yes URL Encoding .

protected boolean isEncodeable(final String location) {
    ...
    // Are we in a valid session that is not using cookies?
    final Request hreq = request;
    final Session session = hreq.getSessionInternal(false);
    if (session == null) {
        return false;
    }
    if (hreq.isRequestedSessionIdFromCookie()) {
        return false;
    }

    // Is URL encoding permitted
    if (!hreq.getServletContext().getEffectiveSessionTrackingModes().
            contains(SessionTrackingMode.URL)) {
        return false;
    }
    ...
}

It's easy to decide whether to code or not , Determine if there is a conversation , If there is a conversation judgment in Cookie Is there a conversation in ID. If there is no conversation ID, Look, I don't support URL Conversation tracking , Only if you support this feature should you consider URL code .

Introduction to session tracking features ：

• https://stackoverflow.com/questions/16262285/set-tracking-mode-to-cookie-to-remove-appended-session-id-without-using-web-xml
• https://www.logicbig.com/tutorials/java-ee-tutorial/java-servlet/session-tracking-mode.html

protected String toEncoded(String url, String sessionId) {
    ...
    StringBuilder sb = new StringBuilder(path);
    if( sb.length() > 0 ) { // jsessionid can't be first.
        sb.append(';');
        sb.append(SessionConfig.getSessionUriParamName(
                request.getContext()));
        sb.append('=');
        sb.append(sessionId);
    }
    ...
}

The way to encode is to add after the path ;jessionid=xxxx The path of .