You can change the name of HTTP Cookie and the path parameter name of a URL by performing the following settings:

• Easy Setup definition file (webserver.session.cookie_config.name parameter)
• cosminexus.xml (war-session-config-cookie-config-name tag)
• web.xml (/web-app/session-config/cookie-config/name element) (in the case of Servlet 3.0 and later)
• Servlet API (setName() method of the javax.servlet.SessionCookieConfig interface) (in the case of Servlet 3.0 and later)
  

  Note

  If settings made with different methods exist, the settings are applied in the order of the settings made using the Servlet APIs, coding in the cosminexus.xml, coding in web.xml, and coding in the Easy Setup definition file.

When the webserver.session.cookie_config.name parameter of the Easy Setup definition file is true, and the specified HTTP Cookie name is duplicated with the path parameter name of the URL as well as the name of the Cookie specified in the Cookie addition function, the system performs the following operations.

When duplicated with the name specified in the webserver.session.cookie_config.name parameter of the Easy Setup definition file

A default session ID is set. In the case of an HTTP Cookie, the session ID is 'JSESSIONID' and in the case of a path parameter of a URL, the session ID is 'jsessionid'.

When duplicated with the name specified in cosminexus.xml, web.xml, or Servlet API

KDJE39338-E is output at the time of starting the Web application, and the Web application fails to start. KDJE39338-E is output at the time of executing the Web application reload process and the reload process is continued. When KDJE39338-E is output during the reload process, first modify the file in which the name of the Cookie was changed by using Servlet API, and then re-execute the reload process.

URL rewrite is executed when the Servlet API that executes URL rewrite in the J2EE applications is invoked.

• The Servlet API that executes URL rewrite is a method of the following javax.servlet.http.HttpServletResponse interface:
• encodeURL(java.lang.String url) method
• encodeRedirectURL(java.lang.String url) method
• encodeUrl(java.lang.String url) method
• encodeRedirectUrl(java.lang.String url) method

For details on these methods, see the Servlet specifications. Note that the encodeUrl(java.lang.String url) method and the encodeRedirectUrl(java.lang.String url) method are the deprecated APIs in Servlet 2.1 and later versions. Therefore, Hitachi recommends that you use methods other than these two methods.

As the API operations not specified in the Servlet specifications, this subsection describes the operations on Application Server for the return value of the Servlet API for executing URL rewrite.

An HTTP session is enabled only in Web applications that are processing the requests. Therefore, URL rewrite will only be performed if the URL specified in the Servlet API argument is the URL indicated in the Web applications that are processing the requests. The following table lists the conditions for determining whether the URL is in the Web applications that are processing the requests for each URL argument:

Table 2-31 Conditions for determining whether the URL is in the Web applications that are processing the requests for each URL argument

Types of argument URL	Conditions
Relative URL (Example: /ex/a.html)	The URL is determined as being in the Web application only if the following condition is fulfilled: The normalized path of the argument URL contains the context root name of the Web application that is processing the requests.#1
Absolute URL (Example: http: //host1/ex/)	The URL is determined as being in the Web application only if the following conditions are fulfilled: The schema of the argument URL is http or https.#2 If the argument URL and request URL have the same schema, the port number is matching. The host name of the argument URL matches with the request host name. #1#3 The normalized path of the argument URL contains the context root name of the Web application that is processing the requests.#1

#1

Case-sensitive when names are compared.

#2

Case-insensitive when names are compared.

#3

The request host name is the host name part of the request Host header and compare the strings without performing name resolution of the host name. Use the return value of the javax.servlet.ServletRequest.getServerName method for the request host name. Note that in the following cases even if the host is the same, the host will be determined as a different host:

• When the argument URL is the host name specification, the request URL is the IP address
• When the argument URL is the IP address specification, the request URL is the host name

This subsection also describes the return values when a string other than URL is specified in the Servlet API argument for executing URL rewrite. Furthermore, the specification of a query or fragment at the beginning of the URL is also described here.

The following table lists the return values for each Servlet API argument for executing URL rewrite:

Table 2-32 Return values for each Servlet API argument for executing URL rewrite

Item No.	Conditions		Return value or exceptions
	HTTP session	Argument
1	N	null	null is returned.
2	N	Invalid format for URL	The java.lang.IllegalArgumentException exception has occurred.
3	A new HTTP session is present during the request processing. Session ID is notified during URL rewrite.	Null character string	The value with the session ID added is returned for the URL path of the HTTP request and the query.#1
4		URL beginning with query (when the first character is a question mark (?))	The value with the value specified in the session ID and argument added is returned for the URL path of the HTTP request.#1
5		URL beginning with fragment (when the first character is a hash mark (#))	The value specified in the argument is returned.#2
6		URL containing the path parameter that indicates the session ID of the current HTTP session	The value specified in the argument is returned.
7		URL determined to be in the Web application that is processing the requests.	The value with the session ID added in the argument is returned.
8	Other conditions		The value specified in the argument is returned.

Legend:

--: Not applicable

Note:

The item numbers in this table indicate the priority of the conditions, the smaller the item number, the higher the priority of the condition.

#1

The path is not included in the argument URL, so you cannot directly add a path parameter to the argument URL. A URL in which the argument begins with a null character string or query indicates request URL resources, therefore, use the value with the path parameter added to the request URL to perform URL rewrite.

#2

A URL that is only a fragment indicates a specific location in the current resources. In a Web browser, normally this URL is treated as one that indicates shift in the displayed contents. At this time, a request is not sent to the server. This operation is in accordance with RFC3986.

The following is an example of URL where URL rewrite is used to add the session ID. Note that this example is based on the following prerequisites:

Preconditions

• Servlet API is executed after the HTTP session is generated.
• HTTP request URL is http: //host1/gyoumu1/app1/index.jsp?type=1.
• The context root name is /gyoumu1.

The following is an example table describing the compliance between the specified value of the servlet API arguments used in URL rewrite and the return value after rewrite (URL):

Table 2-33 Specified value of the servlet API arguments used in URL rewrite and the corresponding return value after rewrite (URL)

Servlet API arguments	Return values
b.html	b.html;jsessionid=AAAAA111112222233333444445555566svr0
../b.html	../b.html;jsessionid=AAAAA111112222233333444445555566svr0
../../b.html	../../b.html
http: //host2/	http: //host2
https: //host1/gyoumu1/	https: //host1/gyoumu1/;jsessionid=AAAAA111112222233333444445555566svr0
"" (null character string)	"/gyoumu1/app1/index.jsp;jsessionid=AAAAA111112222233333444445555566svr0?type=1"
"?mode=2"	"/gyoumu1/app1/index.jsp;jsessionid=AAAAA111112222233333444445555566svr0?mode=2"
"#aaa"	"#aaa"

This point describes the precautions for using URL rewrite.

Screen transition from static contents

In the case of screen transition from the static contents (such as HTML file), the session managed with URL rewrite is not maintained.

When you use URL rewrite to manage a session, implement settings so that the screen will always transit by using servlets or JSPs. Also, implement the process for adding the session ID by rewriting URL with Servlet API in the servlets or JSPs.

Request URL acquired in the Web applications

Even if the HTTP request URL contains the path parameter indicating the session ID managed by URL rewrite, the path parameter indicating the session ID is not included in the URL acquired with the following methods:

Interface

javax.servlet.http.HttpServletRequest interface

Method

• getRequestURI() method
• getRequestURL() method

When an HTTP request is send using the HTTPS protocol, the session ID generated by the Web container is returned to the client by the HTTP Cookie. At that time, the Secure property is allocated to the HTTP Cookie.

Also, when the scheme is set up using the gateway specification functionality so that the scheme is considered as HTTPS, and if the session ID generated by the Web container is returned to the client by the HTTP Cookie, the Secure attribute is allocated to the respective HTTP Cookie.