On Wed, 3 Jul 2002, Jens Viebig wrote:
> Date: Wed, 3 Jul 2002 10:50:52 +0200
> From: Jens Viebig <[EMAIL PROTECTED]>
> Reply-To: Struts Developers List <[EMAIL PROTECTED]>
> To: Struts Developers List <[EMAIL PROTECTED]>
> Subject: LinkTag Extension to url encode SessionId
>
> I included a noCookies-Attribute in the LinkTag Class, so i can switch
> between Cookie-enabled Session-Tracking and url encoded session tracking.
> So i can do:
> <html:link page='/myAction.do' noCookies='true'>Click here</html:link>
> and get
> http://myserver/myapp/myAction.do;jsessionid=XYZMYSESSION as URL.
>
> even if Tomcat is configured to use Cookie enabled session tracking.
>
> I like to use Cookie-enabled Session-Tracking in the Browser but this fails
> if the browser uses external helper apps to display some stuff in a secured
> web-application (or use a download manager for example).
> I don't know if including a sessionid like i did (using
> ;jessionid=XYZMYSESSION) is Tomcat specific or is in the servlet specs and
> works with all appservers.
>
All app servers that obey the servlet spec use the same mechanisms for
session id cookies and URL rewriting. However, it's not possible for a
web application to tell the container not to use cookies in any portable
way -- that would have to be a configuration setting in the server itself
(as it is with the "no cookies" option on the <Context> element for
Tomcat). If the container is using cookies, it will send the cookie along
with the fact that you've messed with the URL.
In fact, what you are doing is exactly what the container does in
response.encodeURL() -- and Struts takes care of this for you
automatically on <html:form> and <html:link> tags. You should not have to
do anything at all to fall back to url encoded sessions if the client has
cookies turned off (or if the server is configured not to use cookies).
> If this is uselfull for the community i can send in a patch.
>
> Greetings
> Jens Viebig
>
Craig
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
