> top.jsp in line 22 or so has a Page directive requiring a session.
>
> <%@ page session="true" %>

FWIW, we strategically removed that directive from the top include in
our theme. It's _very_ undesirable to start a session on every request
to CAS. Theoretically sessions should be started only when needed; at
present a session is required for the /login URI exclusively.

> The comment on the commit suggests that the true is required for Tomcat 5.5,
> but false is fine for Tomcat 6 (and later?)

Can you or anyone else cite a reference that discusses this
requirement in further detail?

> I'd like to go further and make the default false again, with
> the comment suggesting that Tomcat 5.5 adopters make the change.

+1

Even if there is a requirement to have that directive for 5.5, I think
it's fair to assume those deployers are in the minority. 5.5 has
reached EOL [1], which is further justification.

M

[1] http://tomcat.apache.org/tomcat-55-eol.html
