Problem:
UserA and UserB are in a network with server proxy.
UserA opens page "www.myapp.com/initPage.htm".
If UserB opens the same page, then he will see the page with information from UserA.
For the proxy server is the same page so it returns the information it has cached.
More Info:
Each user has different JSESSIONID and stored in the attribute set-cookie of the header response.
The URL is the same for the two users but the information depends on the JSESSIONID.
The proxy server don't stores the JSON calls only HTML pages.
I tried to solve the problem with this solution but did not work.
Architecture:
My application is implemented with Spring Security 3.1 and Struts2.
Work on Apache2 server, which is connected to a Tomcat7 through mod_jk module and configured with "workers.properties" file.
How I can tell the proxy server will never save the HTML page?
Best regards and thanks.
Finally, this solution worked but adding the filter in the first position in the web.xml.
Best regards and thanks.
Related
I have two servers someserver.com and anotherserver.com
What I need is when a user clicks on someserver.com he or she will be redirected to anotherserver.com
Currently when I do a redirect programatically on the server (ASP.NET MVC IIS)
what a user see is: 1) someserver.com is loaded 2)anotherserver.com is loaded.
What i want is when a user clicks on someserver.com he sees only anotherserver.com in his browser.
Does http protocol allow it?
Thanks!
There are a bunch of approaches to this but the simplest one of you own the domain is to just use domain forwarding st the dns level. Then it won't involve your web server at all. Otherwise, the browser will always have to load the first site, if only briefly, before loading the second one. You can optimize this by just sending a redirect, which should be barely noticeable. Another option would be client-side JavaScript, but if you know on the client that you want to go to the new URL, you could just use a standard hyperlink to it at that point (so I assume this is not an option).
I am learning the concept of caching in MVC and was going through this article. There is a property of the OutputCache attribute 'Location' with following possible values:
Any (Default): Content is cached in three locations: the web server, any proxy servers, and the web browser.
Client: Content is cached on the web browser.
Server: Content is cached on the web server.
ServerAndClient: Content is cached on the web server and and the web browser.
None: Content is not cached anywhere.
I want to know when would we use the Location value Client and Server and why would we prefer one over the other.
If you want to cache user specific information go for server option. for eg. if your view returns the logged in user, then you need to use server option. If your view content is same for all the users, then use client option, it will be cached in the browser.
My ASP.NET MVC3 site, www.mysite.com, pulls images from images.mysite.com. When I'm not logged into my site and using SSL, it works flawlessly. However, when logged in, it get the
Only secure content is displayed.
message in IE9. I understand that. What's the best way to deal with switching URL's for my images? Should I check to see if I'm currently using SSL and point my images to https://images.mysite.com, otherwise http://images.mysite.com?
EDIT: This is an e-commerce site, so most of the time the site is browsed unsecured. But after login, I still need to pull some of those same images, and of course if they browse back to a regular catalog page, it would need to access images. Perhaps I will just have to always use https://images.mysite.com. Just seemed like overkill.
I believe the problem only happens when you're in a secure page accessing content over http. So, for pages that can be seen both in http or https, might be as easy as always using https to get the images, regardless if you're in http or https.
You will always get that message if you are pulling content from a non-SSL site when viewing over SSL. If you site is mostly SSL protected, just always pull images from https://images.mysite.com as you do not get the error if you pull SSL content into a non-SSL site.
Otherwise, you will need to know which pages are only viewable over SSL and which ones are not, and link appropriately.
Lastly, if you site is available over both, you will probably need to look at the HTTPS server variable to determine if you are on SSL or not and use this to determine your link (http or https).
Did you try prefixing with ~instead of ../ or /?
This worked for me.
I have a struts2, Hibernate and Spring application. It works properly at our local end. When we deploy the application on the development server sometimes some forms are submitted twice on form submission. This is causing duplicate data to be entered in the database.
This is happening only on server. This is happening rarely on Firefox but very frequently in IE. And again this happens on only some forms and not on other forms. There is nothing to differentiate those forms though.
We have sometimes used struts 2 submit button to submit forms and sometimes used java script with simple buttons to submit the form.
As a last way we can use interceptor to prevent double forms submission (We will have to make changes to lot of forms) but the point is its not happening at local end at all. Why its happening on server only and that too on some forms and sometimes only.
EDIT:
The other thing I noticed is that when I use no network proxy then even on server form is not submitted twice but when a network proxy is used, the form is submitted twice. The app works fine without any proxy properly. No duplicates at all.
What proxies has to do with it? Has anyone encountered any such issues with network proxy and double form submission?
EDIT2:
Just now I have found out that while using proxy sometimes access is denied in that case post request is sent twice by the browser resulting in double form submission.
If I see the http header I can see two post requests with one of them having following in headers
HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the the request. Access to the Web Proxy service is denied. )
Any ideas about this?
Please help.
If you use jsp and use
<html:submit .... onClick="some javascript code">
you might try to use
<html:button .... onClick=:some javascript code" >
The condition happened to me was
I use "form" tag in my jsp page
I use additional button inside the form tag, which is using javascript that submit the form
Hope it would help.
I'm seeking for solution how to isolate widget included by partial to main site. Issue appear when user access site with https. Ie 6,7 shows security confirmation dialog (part of website resources are not in secure zone).
First of all I download twitter widget on our side, also I download all CSS and pictures. Then I patched widget JS to point onto downloaded resources. But still has not luck with security warning :( I guess the reason of this issue is AJAX request to twitter, but there is no idea how to sole it. (Just to create some kind of proxy on our side).
Thank you for attention.
You just need to host the .js file on your server, and link to that. That is all.
The script auto detects SSL and will make requests to https://twitter-widgets.s3.amazonaws.com/ instead of http//widgets.twimg.com/ dynamically depending on your scenario.
Hope that helps!
geedubb
I got the Twitter Widget to work over HTTPS (SSL) by doing the following:
Save every image, css, and javescript file on my local webserver
Changed every "http" to "https" in the javascript AND in the css
The last piece was tricky. https://twitter.com/statuses/user_timeline.json brings back data that already includes "http"; namely avatars and the profile image. So, I found about four places in widjet.js that used the user_timeline.json data. I hardcoded an image url where ever that "http" data was used. Searching "src" will located all of those places.
It's an ugly fix, but it worked.
You can use a sniffer like HttpWatch to debug this--watch the requests going by and see which ones start with http instead of https. It may be possible to just change the urls you use to point to https://twitter.com, not sure about how your widget works.
thanks Keshar, worked for me. I came to the same conclusion that all http requests had to be https to prevent the IE security warning and also display the twitter feed. I used the live HTTP headers firefox plugin which helps for showing any non-secure http requests, such as the JSON requests.
Jon
If you look through the script there are calls to a https site. If you simply replace the protocol/domain with
https://twitter-widgets.s3.amazonaws.com/
instead of
http//widgets.twimg.com/
it works and you don't have to do anything else.