When I download a fresh struts-menu-2.4.2 war file and deploy it on a newly installed apache-tomcat-5.5.20, hovering on any link for any menu will show the jsessionid parameter as part of the request path. It is appended to the URL like this: page.jsp;jsessionid=1234567890. If I configure the menu using a param value pair, I get a very long URL like this: page.jsp;jsessionid=1234567890?param=value.
Although this means of appending the jsession ID into the URL is a J2EE standard, this URL format may confuse some webservers, including Microsoft IIS. Instead, IIS may report a 404 error for Page Not Found if the ;jsessionid parameter appears in the request URL. At any rate it seems painful to the human eye and I am guessing that there would be security issues at stake. I'm guessing that the framework has planned for the possibility that clientside cookies are disabled for some users of the web application. I know its common practice to maintain state by passing the session token in the URL. But I am clueless as to why the session id is not hidden and I am assuming that this is normal behaviour. I am using firefox 2.0.0.1 on Ubuntus. And I have tried turning cookies on and off but there is no difference. I am testing on my localhost. I can see that this behaviour is not repeated if I run any of the demos: struts resume and struts menu but then the only difference would be which server is being used. Some frameworks come with an ini file with filters of sorts. Does struts menu come with any property setting for properly handling the ;jsessionid parameter for the session? Am I completely off track here and if so can someone please help me get back on track. Thanks, Claudia ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ struts-menu-user mailing list struts-menu-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/struts-menu-user
