Junction cookie concepts

HTML pages from back-end junctioned application servers can contain embedded applets or scripts that dynamically generate server-relative links on the client-side. WebSEAL cannot filter these URLs because they are dynamically generated on the client-side. Therefore, these server-relative URLs are expressed without knowledge of the junction point where the application server resides. This section describes a cookie-based solution to modifying server-relative URLs dynamically generated on the client-side. When a client receives a page from a junctioned server, and requests a resource using a dynamically generated server-relative URL on this page, WebSEAL can attempt to reprocess the URL using a special cookie. The cookie contains the appropriate junction information. This solution requires that we initially create the junction to the back-end application server using the -j option.

  1. Client makes a request for an HTML page from a back-end junctioned application server.

    In addition to other content, the page contains an embedded applet that generates a server-relative URL once the page is loaded on the client's browser.

  2. The page is returned to the client across the junction created with the -j option.

    The -j option causes WebSEAL to prepend a JavaScript block at the beginning of the HTML page.

    The purpose of the JavaScript is to set a junction-identifying cookie on the browser.

  3. When the page is loaded on the client's browser, the JavaScript runs and sets the junction-identifying cookie in the browser's cookie cache.

    The cookie is a session cookie containing the name of the junction.

  4. The embedded applet on the page dynamically runs and generates the server-relative URL.

  5. The client makes a request for a resource using this server-relative URL. The junction cookie information is sent as an HTTP header in this request:

      IV_JCT = /junction-name

  6. Because the server-relative URL in the client request has not been filtered, it appears to WebSEAL as a request for a local resource.

  7. When it fails to locate the resource locally, WebSEAL immediately retries the request using the junction information supplied by the cookie.

  8. With the correct junction information in the URL expression, the resource is successfully located on the back-end application server.

Parent topic: Modification of server-relative URLs with junction cookies