"Klemme, Robert, myview" wrote:
hi there!
the original e-mail of craig dates some months back.
When a session is first created, Tomcat has no way to know whether
session cookies are supported by the browser. Therefore, to be safe, it
sends the session ID both ways (by cookie and by modifying URLs that you
submit to response.encodeURL calls). On subsequent requests that are
part of this session, Tomcat will notice that it received the session ID
via a cookie, so it will stop doing the rewriting.
i wonder whether anything has changed here, especially whether there is a
configuration option (possibly in server.xml) that switches cookies for
session tracking of.
Yes ... answer depends on version.
Tomcat 3.2: Search in "conf/server.xml" for the string "noCookies" and set the
corresponding attribute to "true". This is global to the entire JVM, and
therefore all webapps.
Tomcat 4.0: You can make a choice of cookies versus not for each webapp
individually (default is to use cookies if they are supported). To turn them
off, create a context entry like this:
Context path="/foo" docBase="foo" cookies="false" ... /
thanks a lot
robert
Craig
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
