tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Haszlakiewicz <>
Subject Re: Web spiders - disabling jsessionid
Date Sun, 03 Dec 2006 18:38:29 GMT
On Fri, Dec 01, 2006 at 04:50:02PM -0500, Christopher Schultz wrote:
> Mikolaj Rydzewski wrote:
> > Caldarale, Charles R wrote:
> >> That contradicts what Len said about his site:
> >>
> >> "On my site (as on many others) you can browse the site without a
> >> session, but if you want to log in (to add content or to use
> >> personalized settings) you need a session."
> >>   
> > I can't believe you don't get it ;-) One can browse the site without a
> > session (read: not using a session already provided by the container),
> > but after login you simply start using a session (i.e. to store user
> > context object).
> Right. You said "after login". I'm imagining that googlebot doesn't
> login to your site. Therefore, there's no need for a session to be
> created at all.
> Perhaps you are using a bunch of JSPs that do not have 'session="false"'
> explicitly configured in them, and they are therefore creating a session
> for you implicitly (thus, the jsessionid in the generated URLs).

    I wouldn't be suprised if he wasn't using session=false, since tomcat
makes it _very_ hard to write pages that work with that.  ANY reference to
a session object, even if it would never be accessed (e.g. inside a
<c:if test="false">) causes tomcat to throw an error.
    I was trying to do the same thing wrt removing the jsessionid, although
to make a link checker work better, rather than for google.  I ended up
using session=false on all my (non logged in) pages, but to do so I had to
write a Filter to create my own session map object in request scope (using
a custom EnumeratedMap class) and then change ALL references to "session"
in my jsp pages to "ss_session" (the custom object).

> Perhaps that is the /quickest/ solution, but I would argue that the best
> solution is not to create a session if you don't actually need one.

heh.  yeah, not creating the session is definitely NOT the quickest way. :)


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message