If you don't want the jsessionid on all the urls, you may want to look
at p3p - IE6 uses your p3p policy to decide whether to accept your
cookies or not. I was able to get IE6 to return my session cookies by
returning a P3P header with a compact policy on every request. (I did
this with a custom filter). I could pull together more info/code on that
if you want?
eoin.
http://peelmeagrape.net/eoin/
Greg Akins wrote:
I posted yesterday about problems I'm having with IE
against a webapp that uses Acegi.
I didn't think it had anything to do with Acegi
because my app works in several instances... It's just
this once case of IE against a Win2003 server that is
causing me problems.
However, I just thought on install the
acegi-security-sample war to see how it worked.
It's fine. The JSESSION get's appended to the URL and
never changes.. So the session continues to be
authenticated.
This is the problem with my app. My session get's
appended to the url, but changes everytime I change
web pages... It only happens in IE; but I think
that's because of my cookie settings.
Is there anything in the Acegi configuration related
to URL rewriting or session handling that might cause
this type of problem?
My acegi xml files are attached.
Any help would be greatly appreciated.
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
