Jerald Powel wrote:
Thanks for that. can you tell me then the purpose of jessionid - (methods encodeURL and getRequestedSessionId)?
It seems a bit strange to pass the session around while in the session.
As far as I understand, the only purpose of jsessionid and the above methods is to allow clients to keep track of their session id when they are not able to use cookies for one reason or another.
Normally, tomcat will set a cookie on login containing the sessionid. That cookie is then presented by the client for each subsequent request for a resource in the given context. If this does not work (for example when the client does not allow cookies to be set or simply does not implement cookies), URL rewriting can be used as an alternative. The client then will append ?jsessionid=whatnot to the URL and tomcat will then recognise the sessionid and remove that parameter before passing on the the webapp.
encodeURL() will decide wether the client can use cookies at runtime and of not append the jsessionid parameter. So, if you want your clients to have that option, you have to use that method.
As to getRequestedSessonId(), I could only guess why the specs opted to expose the id to the webapp... there might be valid reasons, but it certainly does not hurt.
HTH
Phil
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
