It's NOT in the web.xml. It's container specific and controls the
behavior of the encodeURL method which is responsible for putting that
information on the url.
Scott
Mike Kienenberger wrote:
No, I don't remember how to do this off the top of my head. The one
place I know how to do it (OC4J) is a container-specific web page.
It might be in the web.xml file as well, though.
A google search or docs for your container are probably the best place
to look.
On 4/12/07, Wong, Emmanuel (Sam) <[EMAIL PROTECTED]> wrote:
Hi:
Do you have an examples file to configure the
container/application to store session information in cookies instead of
the url? is it on the web.xml file? Thanks.
-----Original Message-----
From: Mike Kienenberger [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 12, 2007 12:10 PM
To: MyFaces Discussion
Subject: Re: [tobago] Can we hide the session id on the URL?
This is a standard issue with servlet applications.
One solution is to track the original ip address in the session, and
reject any requests that come from a different ip address.
Another solution is to configure your container/application to store
session information in cookies instead of the url.
On 4/12/07, Wong, Emmanuel (Sam) <[EMAIL PROTECTED]> wrote:
>
>
>
> Hi:
>
> Could we hide the session id on the URL? It seems if I
capture the
> URL with the session id, I was able to get into the application.
Thanks.
>
> --> Sam Wong
>
>
