tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rashmi Rubdi <>
Subject Re: Web spiders - disabling jsessionid
Date Sat, 02 Dec 2006 01:28:47 GMT
----- Original Message ----
From: "Caldarale, Charles R"

>> From: Rashmi Rubdi [] 
>> Subject: Re: Web spiders - disabling jsessionid
>> I think then, setting cookies to "true", or simply leaving 
>> out the cookies attribute should solve the original poster's 
>> problem with disabling JSESSIONID

>Except for the paranoid clients that disable cookies - then there's not
>much recourse other than rewriting the URL with the session id IF it's
>important to maintain session information.  
>- Chuck

Thanks for clarifying.

Another option is to have a dedicated page that says "Cookies Required" whenever cookies are
disabled in a browser similar to "Javascript Required" when Javascript is disabled. Many web
apps seem to have a Cookies Required page. 

If this is not a option for a web app then, I guess like a few people mentioned in this thread
a Filter to remove JSESSIONID should be implemented.

Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message