tomcat-users mailing list archives

From Christoph Kutzinski <ku...@gmx.de>
Subject Re: Session ID's
Date Tue, 02 Aug 2005 15:24:03 GMT
That wouldn't make much sense IMO.
What about links to external hosts or to different contexts on the same 
host? It would be a security hole to give them your session id.
(One could handle this partly by only applying the rewrite to relative URLs)

What about links to images, css, javascript files? They would get the 
session id and therefore unnecessarily not be cached by the user's browser.

I'm curious:
do you know how PHP handles these issues?

Christoph

Charles P. Killmer wrote:
> I was hoping there was a configuration setting that would tack the
> session id onto every hyperlink at runtime, much as PHP does.
> 
> Charles
> 
> -----Original Message-----
> From: Derrick Koes [mailto:Derrick_Koes@skillsoft.com] 
> Sent: Tuesday, August 02, 2005 9:20 AM
> To: Tomcat Users List
> Subject: RE: Session ID's
> 
> Use HttpServletResponse.encodeURL(String url) 
> 
> -----Original Message-----
> From: Charles P. Killmer [mailto:charlesk@netgaintechnology.com]
> Sent: Tuesday, August 02, 2005 10:04 AM
> To: Tomcat Users List
> Subject: Session ID's
> 
> Is there a configuration setting such that every local URL will be
> encoded with a session id if one is present?  I have developed a site
> that uses cookies to hold the session id and am getting complaints from
> users that do not have cookies enabled.
>  
> Thanks
> Charles
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 
> 
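
The concerns raised in this thread (session ids reaching external hosts or other contexts, and static resources losing cacheability), written out as an added example that is not part of the original messages and is not Tomcat's code: a hypothetical `SessionUrlPolicy` helper that decides which links may carry the `;jsessionid` path parameter. The class name, the static-suffix list and the sample URLs are assumptions constructed for illustration.

```java
import java.net.URI;
import java.util.List;

// Added example: hypothetical policy helper, not Tomcat code.
public class SessionUrlPolicy {
    // Assumed list of static resource suffixes that should stay cacheable.
    private static final List<String> STATIC = List.of(".css", ".js", ".png", ".gif", ".jpg");

    /** True only for links that stay inside this web application and are not static files. */
    static boolean mayCarrySessionId(String currentPath, String href, String contextPath) {
        URI link;
        try { link = URI.create(href); } catch (IllegalArgumentException e) { return false; }
        // Absolute ("http://other/...") and protocol-relative ("//other/...") links leave the host.
        if (link.getScheme() != null || link.getRawAuthority() != null) return false;
        // Links with no path ("#top", "?page=2") have nowhere to put a path parameter.
        if (link.getRawPath() == null || link.getRawPath().isEmpty()) return false;
        // Resolve "../" segments against the current page before checking the context.
        String path = URI.create(currentPath).resolve(link).normalize().getPath();
        if (!path.equals(contextPath) && !path.startsWith(contextPath + "/")) return false;
        String lower = path.toLowerCase();
        return STATIC.stream().noneMatch(lower::endsWith);
    }

    static String rewrite(String currentPath, String href, String contextPath, String sessionId) {
        if (!mayCarrySessionId(currentPath, href, contextPath)) return href;
        // In a servlet this branch would call response.encodeURL(href) instead.
        int cut = href.length();
        for (char c : new char[] {'?', '#'}) {
            int i = href.indexOf(c);
            if (i >= 0 && i < cut) cut = i;
        }
        return href.substring(0, cut) + ";jsessionid=" + sessionId + href.substring(cut);
    }

    public static void main(String[] args) {
        String page = "/shop/catalog/list.jsp", ctx = "/shop", sid = "CONSTRUCTED123";
        for (String href : new String[] {
                "item.jsp?id=7", "/shop/cart", "http://example.org/partner",
                "//example.org/x", "/admin/index.jsp", "../../admin/index.jsp",
                "/shop/css/site.css", "img/logo.png"}) {
            System.out.println(href + " -> " + rewrite(page, href, ctx, sid));
        }
    }
}
```

Only `item.jsp?id=7` and `/shop/cart` come back with the id attached; the external, cross-context and static links are returned unchanged.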

