struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jose L Martinez-Avial (JIRA)" <>
Subject [jira] [Commented] (WW-4190) Struts Tag Form & URL explicit excludeSession attribute
Date Thu, 05 Sep 2013 23:06:51 GMT


Jose L Martinez-Avial commented on WW-4190:

The management of the cookie JSESSIONID/session is done by the container, Struts does not
take any part in that (apart from creating the sesion by calling HTTPRequest.getSession(true)).
Usually (unless the browser does not allow cookies, and I don't think you can control that)
the JSESSIONID is managed a cookie, so there is no control of the session in the URL. And
once the session is created, and the JSESSIONID sent to the browser, it is sent back to the
server in all request until the servers removes the cookie (when the session is destroyed).
So I don't think you can do something like that, unless you don't have a session (you only
create it when you needed it) or you just destroy the session.

> Struts Tag Form & URL explicit excludeSession attribute
> -------------------------------------------------------
>                 Key: WW-4190
>                 URL:
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Plugin - Tags
>    Affects Versions:
>         Environment: N/A
>            Reporter: John Patrick
>            Priority: Minor
> Can an addition attribute be added to both the :form and :url tags to explicitly include
or exclude the session details. Leave default behavior as before, but if excludeSession="true"
then JSESSIONID or what ever session variable name is used, then explicitly don't put the
session details on the URL generated.
> I've worked on a few projects that have had to process the URL before using as we have
needed to explicitly not include the session details.
> I'll start thinking about patch etc, but someone up to speed with struts it might only
be a 5 or 15 min job for them.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message