See my question about two weeks ago on how to detect jsessionid in the
URL. Looks like it is not directly possible, but you can use our own
request parameter to find this out. After you detect that jsessionid
is in the URL (the harder part), make another redirect to the same
location, and URL will come clean.

Michael.

On 7/7/05, William Stranathan <[EMAIL PROTECTED]> wrote:
> Is there a configuration parameter to ONLY send the jsessionid by
> cookie, not on the URL bar?
> 
> Picture this, user goes to your site http://www.yoursite.com/yourapp
> yoursite redirects to the menu page, which gives a jsessionid.  That
> page is under an auth-constraint and requires login, so you get
> displayed the login page, but the URL you've been redirected to
> includes the jsessionid - like:
> http://www.yoursite.com/yourapp/Menu.do;jessionid=D2DC09EB64CBC7690BCEA68CA484B4C3
> User wants to share the site with their friends, so they copy/paste
> from the URL bar.  Then they log in - their session is now logged in,
> AND they have the same session ID.
> 
> And yes, this does work - I'm able to copy/paste between different
> browsers (exploder and firefox) and the session works fine.
> 
> Is there a way to turn that feature off?

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to