tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rashmi Rubdi <>
Subject Re: Web spiders - disabling jsessionid
Date Fri, 01 Dec 2006 22:16:25 GMT
> Caldarale, Charles R wrote:
> Filter with wrapper ServletResponse is IMO the best solution.
> You can apply it to almost every application without touching the code.

>>Perhaps that is the /quickest/ solution, but I would argue that the best
>>solution is not to create a session if you don't actually need one.

I'm using HTTP Session objects on almost every page of the application and I *haven't set
up* a "Filter with wrapper ServletResponse".

When I check Tomcat's server logs (activated by AccessLogValve), I see Googlebot entries of
URLs it crawls and things appear fine.

There's no jsessionid appended at the end of URLs that the bot requests.

I didn't have to do any special configuration to cause jsessionid not to appear, just for
the record the environment is Tomcat 5.5 and HTTP Session objects are created with JSTL and
JSP tags.

The logic in every page deletes the object stored in the session on page load, and re-creates

Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message