tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <funk...@joedog.org>
Subject Re: Tomcat - Automatically writes a session?
Date Tue, 20 Jan 2004 22:31:31 GMT
Its on by default because the spec says so.

Are you sure you don't have a filter or anything else creating a session?

I created a page called cowbell with this content with tomcat 4.1:
--------------------------------------------------
<%@page session="false"%>
foo
--------------------------------------------------

Then simulated a web browser:
--------------------------------------------------
funkman@fever: telnet localhost 8080
Trying 127.0.0.1...
Connected to fever.joedog.org.
Escape character is '^]'.
GET /cowbell.jsp HTTP/1.1
Host: fever.joedog.org:8080
Connection: close

HTTP/1.1 200 OK
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 5
Date: Tue, 20 Jan 2004 22:28:20 GMT
Server: Apache-Coyote/1.1
Connection: close


foo
Connection closed by foreign host.
--------------------------------------------------

-Tim

neal cabage wrote:

> Unfortunately this isn't working either.  In addition to the <%@page session="false"%>
directive in my JSP, I have also set the cookies="false" attribute in my server.xml file,
for the host in question.  It is *still* happening!  
>  
> Perhaps this is a Tomcat bug, as previously suggested?  Correct me if I'm wrong, but
doesn't this imply a *HUGE* waist of RAM resources to be writing a cookie like this by default?
 Why on earth would a web app do this by default?  Are there any other ways to shut it off?
 It was mentioned in the previous thread to look at the servlet being compiled, which may
be a good idea - but I don't know what the solution will be if it is in fact compiling the
servlet incorrectly.  Any other config opps to choke it off?
>  
> Neal
> 
> 
> Torsten Fohrer <TFohrer@t-online.de> wrote:
> 
> tomcat sents automatically a cookie named jsessionid for session maintain to a 
> browser. with cookies="false" as a context attrribute you disable this 
> behaviour
> 
> 
> 
> from tomcat documentation:
> 
> ------
> cookies 
> 
> Set to true if you want cookies to be used for session identifier 
> communication if supported by the client (this is the default). Set to false 
> if you want to disable the use of cookies for session identifier 
> communication, and rely only on URL rewriting by the application.
> ----
> 
> or
> http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html
> 
> cu Torsten Fohrer
> 
> 
> On Tuesday 20 January 2004 20:58, you wrote:
> 
>>Verify in your JSP's .java file that sessions are really being turned
>>off. Look to see if there is a
>>session=pageContext.getSession()
>>
>>Also, I think the call to
>>pageContext = _jspxFactory.getPageContext(.....
>>
>>Needs to have "false" as the 3rd to last argument.
>>
>>
>>>>>fiol.bonnin@terra.es 1/20/04 12:39:54 PM >>>
>>
>>Neal wrote:
>>
>>>I used the tag "" which does appear correct,
>>>but I'm still seeing that header:
>>>
>>>"Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/"
>>>
>>>There are two reasons why I want to get rid of this:
>>>
>>>1. I assume I'm waiting server resources holding open a session for
>>>every user, unnecessarily.
>>>
>>>2. I've been told this may prevent Google from properly spidering the
>>>site.
>>>
>>>
>>>Can you please shed any more light on how to fix this potential
>>
>>issue?
>>
>>
>>
>>Probably not, but I will try...
>>
>>Did you clear the cookies on your browser? If the browser is saying
>>"Hi!
>>XXX is my session ID", then, (iif that session exists), tomcat is free
>>
>>of saying "Hi! keep your session ID, which is XXX"
>>
>>Other than that, no idea. I have never struggled to avoid cookies.
>>Sorry. I was only echoing something I have read in the past.
>> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message