On Tue, 20 Jul 2004 09:08:39 -0700, Jim Barrows <[EMAIL PROTECTED]> wrote:
> >
> > > I think you can use url rewriting, and that won't put the
> > jsessionid on it.
> >
> > It's sort of the other way around :-).  The "jsessionid" parameter is
> > the *result* of performing URL rewriting.  If your browser client is
> > using cookies, this will only show on the first request for a session
> > - the container has to send the session id both ways (cookie and
> > rewriting) the first time, because it doesn't know whether or not the
> > client has cookies enabled.  When the second request comes in with a
> > cookie, the container notices and stops bothering to rewrite.
> 
> Ah... okay... did I miss this in the documentation?  If so, where is it?  I'd like 
> it for a reference.

The servlet specification, section SRV.7.1 talks about what servlet
containers are required to support.  You can get a copy from
<http://jcp.org/en/jsr/detail?id=154>.  You won't see a detailed
specification of the "send it both ways the first time" (unless you
read the Tomcat code, that is :-), but it's pretty much a natural
consequence of how cookies work -- until a cookie is returned, the
server has no way to know whether or not they are enabled.

Details of how session management is configured for a particular
server is, of course, specific to each server.  For Tomcat 5, for
example, check <http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html>
... in particular, the "cookies" attribute lets you turn off using
cookies for session management.

Craig

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to