After all the discussion here about disabling URL rewriting, I have knocked up a filter to overwrite the response so that encodeUrl() is no-op'd (thanx Brice) for requests from callers like google that can't handle or don't need a session.
In the same filter I can invalidate the session after the call to chain.doFilter() so that the sessions created don't hang around.
However it seems an awkward solution, since the session is used throughout the servlet - I thought I could use session.invalidate() just to kill off the session right away and then do a test on the session wherever I need it to see if it is valid or present.
The only test I can do to identify an invalidated session is to try catch on an IllegalStateException on any session method call, but that's goes against my philosophy.
If I overwrite the request as well and override the getSession() to return null, is that going to present any unforeseen issues on these requests that need no session? Or is there a better way of mimicking <%@ page session=false %> ?
Adam -- struts 1.1 + tomcat 5.0.14 + java 1.4.2 Linux 2.4.20 RH9
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
