On Fri, Mar 19, 2010 at 6:43 AM, Chris Colman
<chr...@stepaheadsoftware.com> wrote:
>> all servlet containers do that on first request. if you dont care
>> about browsers with cookies disabled you can tweak tomcat to never
>> append jsessionid to the url, afair there is a setting for that.
>> -igor
> I wish I didn't have to care for browsers with cookies disabled but
> there's always some idiot who's preaching to the uninformed that
> 'cookies are a security risk' which is bollocks if you ask me.

Having jsessionid's appended to your url can be a security risk...
Besides, it looks ugly and you don't want search engines to end up
displaying url's with jsessionid's in them.

Furthermore if people don't like cookies they can also have them
deleted after they close the browser, at least there's an option for
that in Firefox.

So I wouldn't worry about your preaching idiot and his uninformed followers ;-)


To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Reply via email to