Yes this is the case. You'd need to change the source and recompile.
-Tim
Lasse Koskela wrote:
Hello,
I recently encountered a requirement to use a session key other than
JSESSIONID for the cookie of a web application deployed on Tomcat 4
(I'm not yet sure about the exact version).
Now, I found a
Hi,
That's still the case in the Spec, yes. So everything Craig said then
is applicable, and your requirement is as bad now as it was years ago.
However, like all other components in Tomcat, you can plug in your own
session manager implementation: you would most likely extend
Any plans on externalizing the session key into an optional
configuration element in server.xml?
Please forgive me if I appear overly persistent but I honestly have no
idea whether Tomcat is strictly required to follow the spec by the
letter and not introduce anything that can be considered
No. You can supply a patch - but no one will commit it. If it is committed,
the other committers will -1 it.
-Tim
Lasse Koskela wrote:
Any plans on externalizing the session key into an optional
configuration element in server.xml?
Please forgive me if I appear overly persistent but I honestly
Hi,
Any plans on externalizing the session key into an optional
configuration element in server.xml?
No.
Please forgive me if I appear overly persistent but I honestly have no
idea whether Tomcat is strictly required to follow the spec by the
letter and not introduce anything that can be