tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bernhard Slominski <bernhard.slomin...@zooplus.com>
Subject AW: Session ID's
Date Tue, 02 Aug 2005 15:33:19 GMT
Some small addition:
URL Rewriting is only used when cookies are switched off.
>From the Servlet Spec:

SRV.7.1.3 URL Rewriting
URL rewriting is the lowest common denominator of session tracking. When a
client will not accept a cookie, URL rewriting may be used by the server as
the basis
for session tracking. URL rewriting involves adding data, a session ID, to
the URL
path that is interpreted by the container to associate the request with a
session.
The session ID must be encoded as a path parameter in the URL string. The
name of the parameter must be jsessionid. Here is an example of a URL
containing encoded path information:
http://www.myserver.com/catalog/index.html;jsessionid=1234

SRV.7.1.4 Session Integrity
Web containers must be able to support the HTTP session while servicing HTTP
requests from clients that do not support the use of cookies. To fulfill
this
requirement, Web containers commonly support the URL rewriting mechanism.

Bernhard

> -----Urspr√ľngliche Nachricht-----
> Von: Charles P. Killmer [mailto:charlesk@netgaintechnology.com]
> Gesendet: Dienstag, 2. August 2005 17:03
> An: Tomcat Users List
> Betreff: RE: Session ID's
> 
> 
> I was hoping there was a configuration setting that would tack the
> session id onto every hyperlink at runtime, much as PHP does.
> 
> Charles
> 
> -----Original Message-----
> From: Derrick Koes [mailto:Derrick_Koes@skillsoft.com] 
> Sent: Tuesday, August 02, 2005 9:20 AM
> To: Tomcat Users List
> Subject: RE: Session ID's
> 
> Use HttpServletResponse.encodeURL(String url) 
> 
> -----Original Message-----
> From: Charles P. Killmer [mailto:charlesk@netgaintechnology.com]
> Sent: Tuesday, August 02, 2005 10:04 AM
> To: Tomcat Users List
> Subject: Session ID's
> 
> Is there a configuration setting such that every local URL will be
> encoded with a session id if one is present?  I have developed a site
> that uses cookies to hold the session id and am getting 
> complaints from
> users that do not have cookies enabled.
>  
> Thanks
> Charles
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message