tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dan Bush" <dan.b...@gmail.com>
Subject Re: Possibility of Making JSESSIONID Configurable
Date Wed, 24 Sep 2008 15:09:13 GMT
It's kind of hard to fight the specification in the long run. I would
think the language would need to be loosened up from MUST. The
specification could suggest the use JSESSIONID by default, which would
be supported by Tomcat; yet still allow it to be configurable. Not
sure I understand why it would be so problematic for proxies and
looking at the code base it would be a trivial change. Is this matter
still a candidate for and enhancement request so we can put it to a
vote?


On Wed, Sep 24, 2008 at 10:53 AM, Mark Thomas <markt@apache.org> wrote:
> Remy Maucherat wrote:
>> On Wed, 2008-09-24 at 14:52 +0100, Mark Thomas wrote:
>>> The 3.0 servlet spec mentions this (ie Tomcat 7) but there is nothing to
>>> stop this being added to 6.0.x
>>
>> I am not aware of such a proposal in Servlet 3.0 (session cookie
>> configuration and tracking coinfig, but no config for the cookie name or
>> URL parameter name).
> It is in section 7.1.1 of the 3.0 early draft. It only applies to the
> cookie name. Making the url parameter configurable would be non-spec
> complaint but I don't see a good reason not to allow it if users have a
> requirement for it.
>
>> Esp making this configuration per context would a
>> problem to manage, so -1 for that.
> I don't see why. Looking at the code, this would be really simple. At least
> wait until there is a proposed patch before trying to veto it.
>
>> The fixed names are labelled as "MUST" in the sepc. OTOH, I had to
>> accept a hidden system property for specific customers because of
>> Weblo :( Definitely this is a showcase for bad policies of big
>> proprietary vendors, and their bad consequences.
> That depends if the customers had a genuine requirement to change the name
> (not that I can think of one of hand). If they did then it is more the spec
> not keeping pace with user requirements. Tomcat has a couple of non-spec
> compliant configuration options as well.
>
> Mark
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message