Re: session tracking enforcement

2004-10-19 Thread David Wall
> In my case it looks like I do have to encode all URLs: firewall problem
> with stripping out sessionId left me with no choice ;) Is it the right
> way of doing it?

ACK! There's a firewall that's stripping out session ids from URLs but will let cookies through? There's a security no-brainer in charge.

Re: session tracking enforcement

2004-10-19 Thread Mark
In my case it looks like I do have to encode all URLs: firewall problem with stripping out sessionId left me with no choice ;) Is it the right way of doing it?

Thanks a lot.
Mark.

--- David Wall <[EMAIL PROTECTED]> wrote:
> > But that's details, the main point I made still holds, and that's that
> > t

Re: session tracking enforcement

2004-10-19 Thread David Wall
> But that's details, the main point I made still holds, and that's that
> the Servlet Spec mandates Tomcat's behavior in this area.

Absolutely, Yoav! I certainly didn't mean to imply anything negative about your response, only that the original inquiry could be handled/checked by his application

RE: session tracking enforcement

2004-10-19 Thread Mark
Is it true that a new sessionId will be resent if a new session gets created?

--- "Shapira, Yoav" <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> >Session cookies (those that don't persist) are becoming quite common
> >actually because even small devices are able to keep that bit of session
> >state qu

RE: session tracking enforcement

2004-10-19 Thread Shapira, Yoav
Hi,

>Session cookies (those that don't persist) are becoming quite common
>actually because even small devices are able to keep that bit of session
>state quite easily.

Ahh yes, small devices. Good point. I based my earlier assertion on research I read recently showing a (and this is a good th

Re: session tracking enforcement

2004-10-19 Thread David Wall
> >Is there any way to enforce a session cookie (JSESSIONID) to be sent
> >to the client (browser) from servlet.
>
> No, because the Servlet Spec says Servlet Container must work even on
> clients that don't support cookies (or have cookies turned off, which is
> becoming a more and more common use-

RE: session tracking enforcement

2004-10-19 Thread Shapira, Yoav
Hi,

>Is there any way to enforce a session cookie (JSESSIONID) to be sent
>to the client (browser) from servlet.

No, because the Servlet Spec says Servlet Container must work even on clients that don't support cookies (or have cookies turned off, which is becoming a more and more common use-case)

session tracking enforcement

2004-10-19 Thread Mark
Is there any way to enforce a session cookie (JSESSIONID) to be sent to the client (browser) from servlet.