Actually this is not so uncommon, an there are many 'good' reasons to do
so, see:
http://randomcoder.com/articles/jsessionid-considered-harmful
Here is an example of a filter that takes care of this:
ever want to do this, though. I'd love to hear
your reason for doing it, though.
...
--
View this message in context:
http://www.nabble.com/Turning-off-jsessionid-tp13430750p14289776.html
Sent from the Tomcat - User mailing list archive at Nabble.com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ken,
Ken Bowen wrote:
Is there a way to tell Tomcat to never rewrite urls? I.e., to never add
jsessid ?
Do you want to completely disable sessions, or just always require cookies?
While the servlet specification does not require containers to
Hi All,
Is there a way to tell Tomcat to never rewrite urls? I.e., to never add
jsessid ?
Thanks,
Ken Bowen
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional
On 10/26/07, Christopher Schultz [EMAIL PROTECTED] wrote:
Ken,
Ken Bowen wrote:
Is there a way to tell Tomcat to never rewrite urls? I.e., to never add
jsessid ?
Do you want to completely disable sessions, or just always require cookies?
If the site doesn't need to use sessions at all,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ken,
Ken Bowen wrote:
But all this leads to the obvious question (which I asked): If I'm not
going to allow jsessionid's to slip out, can I suppress
their creation totally?
The creation of the id is implicit in the creation the session: the
Chris,
a) Yes, I plan to always require cookies, because of ...
b) It's the search engine issue: They are cookie-less, and one gets
(severely?) penalized by letting the jsessionid's slip out.
While I'm using UrlRewriteFilter to provide an abstraction to the site's
urls (and it works great),