DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14173>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14173 <html:link> tag library adds ;jsessionid even if the url is 'javascript:...'. ------- Additional Comments From [EMAIL PROTECTED] 2002-11-04 01:40 ------- I don't know if that is the correct assessment, Ted. The HTML specification only refers to that attribute as a URI. The URI will specify a particular protocol. that protocol can be one of several. I don't see that as a "browser convention". On the other hand, the servlet specification isn't quite clear on when it's necessary or not necessary to encode the session id in the URI. It only states that if the browser supports cookies, or session tracking is turned off, then encoding the session id is unnecessary. However, it only says "for example" when referring to those two conditions. Nowhere (AFAICT) does it say explicitly when the session id should or should not be encoded. >From what I can see, I don't see anything in the HTML or Servlet specification that makes it clear whether link urls should use any particular protocols. In that context, I think it might be worthwhile to consider adding a check for this. I wish this could have happened in the "HttpServletResponse.encodeURL()" method, but that's obviously not going to happen. It might also be useful to understand the impact of this either way, and I don't think I know the full answer to that. I'm not sure how easy it would be to do what he's trying to do with javascript, without fixing this tag. -- To unsubscribe, e-mail: <mailto:struts-dev-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:struts-dev-help@;jakarta.apache.org>
