On Mon, 12 Mar 2001, James Cook wrote:
> Sorry to keep repeating this, but I don't think I phrased it properly.
>
> Is there a technique where the session id is included in the URL even if the
> client browser supports cookies? Basically, I *never* want to use cookies to
> manage sessions, and I *always* want the session id encoded on the URLs.
>
The only way I can think of to do this is to configure your servlet
container to not use cookies for session management, if it has such an
option. Tomcat versions greater than 3.1 can do this, but I don't know
about any other containers in particular.
Absent that approach, you could create a modified version of the
<html:link> tag that forcibly included the session ID (in other words, it
did the processing that response.encodeURL() usually does), but the cookie
would still be included in the response as well, and the container will
probably pay attention to the cookie, and not the session id from the URL,
in subsequent requests.
> thanks,
> jim
>
Craig
