Lets face it, there is virtually no site of interest that doesn't require cookies (or javascript). A possibility to turn url rewriting off would be really great even it isn't covered by the servlet spec. And we all know how disturbing url rewriting is for crawlers. But since tomcat isn't a ref impl anymore, maybe a convenience method?
regards Leon On Feb 10, 2008 1:05 AM, David Brown <[EMAIL PROTECTED]> wrote: > Hello, you might want to take a look at: > > http://www.coreservlets.com/ > > The marquee author hosting the above named site wrote a book with the same > title: > * According to the author (Marty Hall) the only downside(s) to cookies are > privacy issues. > * The client browser has to have cookies turned on and the user can turn them > off anytime. > * If sensitive data is embedded this is a liability problem. > * Search engines can create cross-reference links (text, images, etc.) to > pages that use cookies. > > Anyway you cut it you will need session tracking albeit cookies or > URL-Rewriting i.e. the JSESSIONID. The jsessionid is in itself a type of > cookie. The security risk is if someone can sniff or guess the jsessionid the > page is open to hi-jacking. > > Theres more at the link above. HTH. > > Gregory Gerard wrote .. > > > http://tomcat.apache.org/tomcat-5.5-doc/config/context.html > > > > I can turn cookies on or off but I don't see a similar setting for > > URL rewriting. > > > > I've already made my peace with requiring cookies for other reasons. > > > > Possible? Downsides? > > > > I'm seeing a lot of double fetching of content (JavaScript files and > > images) (once for when there's ;jsessionid= as part of the URL and > > again once the client's accepted the cookie and the URL is changed). > > > > thanks, > > greg > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
