Watch, Follow, &
Connect with Us

For forums, blogs and more please visit our
Developer Tools Community.


Welcome, Guest
Guest Settings
Help

Thread: How to hide the session URL


This question is not answered. Helpful answers available: 2. Correct answers available: 1.


Permlink Replies: 5 - Last Post: Oct 17, 2014 3:47 AM Last Post By: Sven Heuer
Sven Heuer

Posts: 22
Registered: 9/30/00
How to hide the session URL  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Sep 29, 2014 9:21 AM
Hi,

with usersession.AllowMultipleSessionsPerUser=true is there any way to hide the session ID or to fake the URL?

I can start my intraweb application like http://sepla.intercongress.de/0/1401/timetable/DKOU14/search. This will call the search page in a project 1401 and a specifc subproject DKOU14.

Everything is nice. But a lot of users will not see that the URL is rewritten. So they start to send the session-URL to each other. Not a good idea at all :)

Is it possible that the URL can be retained/changed or at least hidden? I can see that the session id is already in the form post. Should be possible, or?

Best regards
Sven Heuer


Active ultimate licence

Sven Heuer

Posts: 22
Registered: 9/30/00
Re: How to hide the session URL  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Oct 16, 2014 6:09 AM   in response to: Sven Heuer in response to: Sven Heuer
Hi, Alexandre,

no solution available?

Best regards
Sven

Sven Heuer wrote:
Hi,

with usersession.AllowMultipleSessionsPerUser=true is there any way to hide the session ID or to fake the URL?

I can start my intraweb application like http://sepla.intercongress.de/0/1401/timetable/DKOU14/search. This will call the search page in a project 1401 and a specifc subproject DKOU14.

Everything is nice. But a lot of users will not see that the URL is rewritten. So they start to send the session-URL to each other. Not a good idea at all :)

Is it possible that the URL can be retained/changed or at least hidden? I can see that the session id is already in the form post. Should be possible, or?

Best regards
Sven Heuer


Active ultimate licence

John -

Posts: 40
Registered: 8/5/09
Re: How to hide the session URL  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Oct 16, 2014 6:22 AM   in response to: Sven Heuer in response to: Sven Heuer
Hello!

It's an old question.
EMB forum did not store information properly, seems, a lot of threads with useful questions were permanently lost.
As i know, there is no possibility to hide url session ID.
I want this feature too.
Alexandre Machado

Posts: 1,754
Registered: 8/10/13
Re: How to hide the session URL  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Oct 16, 2014 7:11 AM   in response to: Sven Heuer in response to: Sven Heuer
Sven Heuer wrote:
Hi,

with usersession.AllowMultipleSessionsPerUser=true is there any way to hide the session ID or to fake the URL?

I can start my intraweb application like http://sepla.intercongress.de/0/1401/timetable/DKOU14/search. This will call the search page in a project 1401 and a specifc subproject DKOU14.

Everything is nice. But a lot of users will not see that the URL is rewritten. So they start to send the session-URL to each other. Not a good idea at all :)

Is it possible that the URL can be retained/changed or at least hidden? I can see that the session id is already in the form post. Should be possible, or?

In short no, it is not possible to hide it in the current implementation.

The session ID is in the form post, but IW forms are only one part of the whole IntraWeb structure. There are lots of other things that users can do that don't include forms and this would break.

Maybe in the future we can work around this....
Sven Heuer

Posts: 22
Registered: 9/30/00
Re: How to hide the session URL  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Oct 16, 2014 7:52 AM   in response to: Alexandre Machado in response to: Alexandre Machado
Ok, I understand,

Is it possible that origin url can still exist or extended?

So from
http://sepla.intercongress.de/0/1401/timetable/DKOU14/search
to
http://sepla.intercongress.de/0/1401/timetable/DKOU14/search/SESSIONID/$/
or
http://sepla.intercongress.de/SESSIONID/$/0/1401/timetable/DKOU14/search

I would take anything I can grab :)

We have so many calls on the hotline that the "URL" does not work...

Sven


Alexandre Machado wrote:
Sven Heuer wrote:
Hi,

with usersession.AllowMultipleSessionsPerUser=true is there any way to hide the session ID or to fake the URL?

I can start my intraweb application like http://sepla.intercongress.de/0/1401/timetable/DKOU14/search. This will call the search page in a project 1401 and a specifc subproject DKOU14.

Everything is nice. But a lot of users will not see that the URL is rewritten. So they start to send the session-URL to each other. Not a good idea at all :)

Is it possible that the URL can be retained/changed or at least hidden? I can see that the session id is already in the form post. Should be possible, or?

In short no, it is not possible to hide it in the current implementation.

The session ID is in the form post, but IW forms are only one part of the whole IntraWeb structure. There are lots of other things that users can do that don't include forms and this would break.

Maybe in the future we can work around this....
Sven Heuer

Posts: 22
Registered: 9/30/00
Re: How to hide the session URL  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Oct 17, 2014 3:47 AM   in response to: Sven Heuer in response to: Sven Heuer
Ok, I found a solution. Everytime a new session is started I save aSession.Request.PathInfo and aSession.AppId into a database table. It is just a data touple.
If a new session is created I can detect the SessionId in PathInfo. If this is the case I select from the database the old PathInfo with the send sessionid and do a TerminateAndRedirect to this old URL.

Voilá. At least I get called with the origin URL. I think this can be enhanced. But this will help a lot.

Sven


Sven Heuer wrote:
Ok, I understand,

Is it possible that origin url can still exist or extended?

So from
http://sepla.intercongress.de/0/1401/timetable/DKOU14/search
to
http://sepla.intercongress.de/0/1401/timetable/DKOU14/search/SESSIONID/$/
or
http://sepla.intercongress.de/SESSIONID/$/0/1401/timetable/DKOU14/search

I would take anything I can grab :)

We have so many calls on the hotline that the "URL" does not work...

Sven


Alexandre Machado wrote:
Sven Heuer wrote:
Hi,

with usersession.AllowMultipleSessionsPerUser=true is there any way to hide the session ID or to fake the URL?

I can start my intraweb application like http://sepla.intercongress.de/0/1401/timetable/DKOU14/search. This will call the search page in a project 1401 and a specifc subproject DKOU14.

Everything is nice. But a lot of users will not see that the URL is rewritten. So they start to send the session-URL to each other. Not a good idea at all :)

Is it possible that the URL can be retained/changed or at least hidden? I can see that the session id is already in the form post. Should be possible, or?

In short no, it is not possible to hide it in the current implementation.

The session ID is in the form post, but IW forms are only one part of the whole IntraWeb structure. There are lots of other things that users can do that don't include forms and this would break.

Maybe in the future we can work around this....
Legend
Helpful Answer (5 pts)
Correct Answer (10 pts)

Server Response from: ETNAJIVE02