Return-Path: Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 16332 invoked from network); 13 Sep 2000 20:13:35 -0000 Received: from mercury.sun.com (192.9.25.1) by locus.apache.org with SMTP; 13 Sep 2000 20:13:35 -0000 Received: from taller.eng.sun.com ([129.144.174.34]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id NAA06746 for ; Wed, 13 Sep 2000 13:13:33 -0700 (PDT) Received: from eng.sun.com (d-ucup02-251-159 [129.144.251.159]) by taller.eng.sun.com (8.9.3+Sun/8.9.3/ENSMAIL,v1.7) with ESMTP id NAA16490 for ; Wed, 13 Sep 2000 13:13:29 -0700 (PDT) Message-ID: <39BFE029.C241D820@eng.sun.com> Date: Wed, 13 Sep 2000 13:14:33 -0700 From: "Craig R. McClanahan" X-Mailer: Mozilla 4.75 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: tomcat-dev@jakarta.apache.org Subject: Re: Why are some header values hidden in HttpProcessor.java ? References: <20000912.12345257@bei-1158.stardiv.de> <39BE8E58.EE995B41@eng.sun.com> <20000913.14080786@bei-1158.stardiv.de> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: locus.apache.org 1.6.2 0/1000/N Bernd Eilers wrote: > > Summing everthing up so far: > > I think the best would be to have a configurable option as you suggested, > but the default should be not to suppress this header and not to suppress > this cookie because the DEFAULT for tomcat should be to be compliant to > the servlet api specification. > I can buy into your reasoning. The change to make the session ID cookie visible actually got made a few days ago (for Tomcat 4.0), and I'm about to check in the change to make the "Authorization" header visible. > > Bernd > Craig ==================== See you at ApacheCon Europe ! Session VS01 (23-Oct 13h00-17h00): Sun Technical Briefing Session T06 (24-Oct 14h00-15h00): Migrating Apache JServ Applications to Tomcat