tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Charles P. Killmer" <charl...@netgaintechnology.com>
Subject RE: Session ID's
Date Tue, 02 Aug 2005 17:07:26 GMT
PHP handles only relative links.  It ignores the src= and only applies
to href and also creates a hidden field for forms.

Charles 

-----Original Message-----
From: Christoph Kutzinski [mailto:kutzi@gmx.de] 
Sent: Tuesday, August 02, 2005 10:24 AM
To: Tomcat Users List
Subject: Re: Session ID's

That wouldn't make much sense IMO.
What about links to external hosts or to different contexts on the same
host? It would be a security hole to give them your session id.
(One could handle this partly by only applying the rewrite to relative
URLs)

What about links to images, css, javascript files? They would get the
session id and therefore unnecessarily not be cached by the users
browser.

I'm curious:
do you know how PHP handles these issues?

Christoph

Charles P. Killmer wrote:
> I was hoping there was a configuration setting that would tack the 
> session id onto every hyperlink at runtime, much as PHP does.
> 
> Charles
> 
> -----Original Message-----
> From: Derrick Koes [mailto:Derrick_Koes@skillsoft.com]
> Sent: Tuesday, August 02, 2005 9:20 AM
> To: Tomcat Users List
> Subject: RE: Session ID's
> 
> Use HttpServletResponse.encodeURL(String url)
> 
> -----Original Message-----
> From: Charles P. Killmer [mailto:charlesk@netgaintechnology.com]
> Sent: Tuesday, August 02, 2005 10:04 AM
> To: Tomcat Users List
> Subject: Session ID's
> 
> Is there a configuration setting such that every local URL will be 
> encoded with a session id if one is present?  I have developed a site 
> that uses cookies to hold the session id and am getting complaints 
> from users that do not have cookies enabled.
>  
> Thanks
> Charles
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message