I am working on one recruiting product which is developed in Linux running on Apache server. When we disable cookies, session IDs are getting appended in the URL, which in turn is giving access to unauthorized persons.
I wanna strip out the session IDs from the URL to stop the unauthorized access. I googled and found "mod_rewrite" is compatible with Apache and helps in stripping out the session IDs from the URL.
For example, the original URL looks like:
http://example.com:8312/Sites/mysite/viewjob.html?optlink-view=view-10225&ERFormID=newjoblist&ERFormCode=any&JServSessionIdroot=usru0fydn1
From the above URL I wanna strip out the whole part next to *any*; the modified URL should look like:
http://example.com:8312/Sites/mysite/viewjob.html?optlink-view=view-10225&ERFormID=newjoblist&ERFormCode=any
Can you please help me in stripping out these session IDs using mod_rewrite?
Thank you!
Naresh
[edited by: jdMorgan at 7:43 pm (utc) on Nov. 28, 2007]
[edit reason] example.com [/edit]
First off, I don't claim to be an Apache expert but use it to host some sites...
1. First, you appear to be using port 8312 rather than the normal port 80; is there a good reason for this?
2. To your main question, I think the problem is that somewhere in your code the session ID is being appended; you need to find where and delete those lines of code, I should think.
1. Regarding port: Actually we have several code branches. Different sites created in different branches will be assigned different ports, like sites created in the 8.5.1 code base will have port 8312 and 8.5.2 sites will have some other different port, 16342.
2. The session ID is getting appended to the URL only with a cookie-disabled browser (IE) but not with a cookie-enabled browser. So is it still an issue with the code?
Thoughts?
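As an added example (not part of the original thread), the following Python sketch removes the `JServSessionIdroot` parameter from a URL as the first post asks, and scans access-log lines for session IDs in URLs that were used from more than one client address. It assumes Apache common/combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

SESSION_PARAM = "JServSessionIdroot"  # parameter name taken from the thread's URL

# Assumed Apache common/combined log format: client first, request line in quotes.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

def strip_session_id(url):
    """Return (url without the session parameter, session id or None)."""
    parts = urlsplit(url)
    kept, sid = [], None
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == SESSION_PARAM:
            sid = value
        else:
            kept.append((key, value))
    return urlunsplit(parts._replace(query=urlencode(kept))), sid

def shared_session_ids(log_lines):
    """Map session ids found in URLs to their clients; keep ids seen from >1 client."""
    clients = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target = m.groups()
        _, sid = strip_session_id(target)
        if sid:
            clients[sid].add(client)
    return {sid: sorted(ips) for sid, ips in clients.items() if len(ips) > 1}

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Nov/2007:19:40:01 +0000] "GET /Sites/mysite/viewjob.html?optlink-view=view-10225&ERFormID=newjoblist&ERFormCode=any&JServSessionIdroot=usru0fydn1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [28/Nov/2007:19:52:30 +0000] "GET /Sites/mysite/viewjob.html?optlink-view=view-10225&JServSessionIdroot=usru0fydn1 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [28/Nov/2007:19:55:12 +0000] "GET /Sites/mysite/viewjob.html?ERFormCode=any&JServSessionIdroot=constructed01 HTTP/1.1" 200 4800',
    '203.0.113.5 - - [28/Nov/2007:19:56:00 +0000] "GET /Sites/mysite/index.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for sid, ips in shared_session_ids(SAMPLE_LOG).items():
        # Print only the tail of the id so the report does not leak it again.
        print(f"session id ending ...{sid[-4:]} used from {ips}")
```

A session ID seen from several addresses is a lead for review rather than proof of misuse, since proxies and changing client addresses can produce the same pattern.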