tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Philipp Taprogge <>
Subject Re: RE : encodeURL / jsessionid
Date Fri, 27 Feb 2004 01:05:22 GMT

Jerald Powel wrote:
> Thanks for that. can you tell me then the purpose of jessionid - (methods encodeURL and
> It seems a bit strange to pass the session around while in the session. 

As far as I understand, the only purpose of jsessionid and the above 
methods is to allow clients to keep track of their session id when 
they are not able to use cookies for one reason or another.
Normally, tomcat will set a cookie on login containing the sessionid. 
That cookie is then presented by the client for each subsequent 
request for a resource in the given context. If this does not work 
(for example when the client does not allow cookies to be set or 
simply does not implement cookies), URL rewriting can be used as an 
alternative. The client then will append ?jsessionid=whatnot to the 
URL and tomcat will then recognise the sessionid and remove that 
parameter before passing on the the webapp.
encodeURL() will decide wether the client can use cookies at runtime 
and of not append the jsessionid parameter. So, if you want your 
clients to have that option, you have to use that method.

As to getRequestedSessonId(), I could only guess why the specs opted 
to expose the id to the webapp... there might be valid reasons, but it 
certainly does not hurt.



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message