tomcat-users mailing list archives

From Mikolaj Rydzewski <m...@ceti.pl>
Subject Re: Web spiders - disabling jsessionid
Date Fri, 01 Dec 2006 21:10:08 GMT
Caldarale, Charles R wrote:
>> That's not true.  A session id is assigned the moment you hit 
>> the site.
>>     
>
> That contradicts what Len said about his site:
>
> "On my site (as on many others) you can browse the site without a
> session, but if you want to log in (to add content or to use
> personalized settings) you need a session."
>   
I can't believe you don't get it ;-) One can browse the site without a 
session (read: not using a session already provided by the container), 
but after login you simply start using a session (i.e. to store user 
context object).
> And it's certainly not true that Tomcat automatically creates a
> sessionid for every connection.  Creating one is up to the webapps of
> interest.
>   
Probably. Filter with wrapper ServletResponse is IMO the best solution. 
You can apply it to almost every application without touching the code.

-- 
Mikolaj Rydzewski      <miki@ceti.pl>        http://ceti.pl/~miki/
                    PGP KeyID: 8b12ab02
There are three kinds of people: men, women and unix.

