On Tue, 20 Jul 2004 09:08:39 -0700, Jim Barrows <[EMAIL PROTECTED]> wrote: > > > > > I think you can use url rewriting, and that won't put the > > jsessionid on it. > > > > It's sort of the other way around :-). The "jsessionid" parameter is > > the *result* of performing URL rewriting. If your browser client is > > using cookies, this will only show on the first request for a session > > - the container has to send the session id both ways (cookie and > > rewriting) the first time, because it doesn't know whether or not the > > client has cookies enabled. When the second request comes in with a > > cookie, the container notices and stops bothering to rewrite. > > Ah... okay... did I miss this in the documentation? If so, where is it? I'd like > it for a reference.
The servlet specification, section SRV.7.1 talks about what servlet containers are required to support. You can get a copy from <http://jcp.org/en/jsr/detail?id=154>. You won't see a detailed specification of the "send it both ways the first time" (unless you read the Tomcat code, that is :-), but it's pretty much a natural consequence of how cookies work -- until a cookie is returned, the server has no way to know whether or not they are enabled. Details of how session management is configured for a particular server is, of course, specific to each server. For Tomcat 5, for example, check <http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html> ... in particular, the "cookies" attribute lets you turn off using cookies for session management. Craig --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]