On 06/23/2014 12:02 PM, Misagh Moayyed wrote: > Looks like a positive improvement. Have you also tried changing the > session-config in web.xml to be cookie-based?
No, I've not tried that. I understand cookie-config and tracking-mode became available with servlet specification 3.0. Unfortunately, I'm still running 2.5 (Tomcat 6). For older app servers (and maybe when the browser is in private/anonymous mode), could there be utility continuing to send JSESSIONID with the /cas/login POST URL? > POST /cas/login;jsessionid=F7594453044A...?service=https%3A%2F%2F... HTTP/1.1 > Host: cas.ucdavis.edu ... > Content-Type: application/x-www-form-urlencoded > Content-Length: 183 > ... Tom. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
