StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
691486
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2009-03-27T21:19:15.197
FavoriteCount
0
LastActivityDate
2009-03-27T21:19:15.197
LastEditDate
LastEditorUserId
0
OwnerUserId
20161
ParentId
689989
PostTypeId
2
Score
0
ViewCount
0
LastEditorDisplayName
text
Body
This is what we do at <a href="http://amplafi.com" rel="nofollow noreferrer">amplafi.com</a> (h/t See <a href="http://randomcoder.com/articles/jsessionid-considered-harmful" rel="nofollow noreferrer">http://randomcoder.com/articles/jsessionid-considered-harmful</a> ) in the web.xml: <pre><code><filter> <filter-name>DisableSessionIdsInUrlFilter</filter-name> <filter-class> com.amplafi.web.servlet.DisableSessionIdsInUrlFilter </filter-class> </filter> <filter-mapping> <filter-name>DisableSessionIdsInUrlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> </code></pre> And this java code: <pre><code>import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponseWrapper; import javax.servlet.http.HttpSession; /** * remove any session id from the Url. * * * Ideally we would like to only remove this container-provided functionality * only for public portions of the web site (that can be crawled by google) * or for links that are to be bookmarked. * * @author Patrick Moore */ public class DisableSessionIdsInUrlFilter implements Filter { @Override public void destroy() { } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { if (!(request instanceof HttpServletRequest)) { chain.doFilter(request, response); return; } HttpServletRequest httpRequest = (HttpServletRequest) request; HttpServletResponse httpResponse = (HttpServletResponse) response; /* * Next, let's invalidate any sessions that are backed by a URL-encoded * session id. This prevents an attacker from generating a valid link. * Just because we won't be generating session-encoded links doesn't * mean someone else won't try */ if (httpRequest.isRequestedSessionIdFromURL()) { HttpSession session = httpRequest.getSession(); if (session != null) { session.invalidate(); } } HttpServletResponseWrapper wrappedResponse = new ResponseWrapper(httpResponse); chain.doFilter(request, wrappedResponse); } @Override @SuppressWarnings("unused") public void init(FilterConfig arg0) throws ServletException { } /** * wraps response and prevense jsessionid from being encoded on the output. */ private static class ResponseWrapper extends HttpServletResponseWrapper { ResponseWrapper(HttpServletResponse httpResponse) { super(httpResponse); } @Override public String encodeRedirectUrl(String uri) { return uri; } @Override public String encodeRedirectURL(String uri) { return uri; } @Override public String encodeUrl(String uri) { return uri; } @Override public String encodeURL(String uri) { return uri; } } } </code></pre>
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POAny suggestions on how to session proof a website?
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USPat
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.