tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Web spiders - disabling jsessionid
Date Fri, 01 Dec 2006 21:50:02 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mikolaj,

Mikolaj Rydzewski wrote:
> Caldarale, Charles R wrote:
>> That contradicts what Len said about his site:
>>
>> "On my site (as on many others) you can browse the site without a
>> session, but if you want to log in (to add content or to use
>> personalized settings) you need a session."
>>   
> I can't believe you don't get it ;-) One can browse the site without a
> session (read: not using a session already provided by the container),
> but after login you simply start using a session (i.e. to store user
> context object).

Right. You said "after login". I'm imagining that googlebot doesn't
login to your site. Therefore, there's no need for a session to be
created at all.

Perhaps you are using a bunch of JSPs that do not have 'session="false"'
explicitly configured in them, and they are therefore creating a session
for you implicitly (thus, the jsessionid in the generated URLs).

> Filter with wrapper ServletResponse is IMO the best solution.
> You can apply it to almost every application without touching the code.

Perhaps that is the /quickest/ solution, but I would argue that the best
solution is not to create a session if you don't actually need one.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFcKOK9CaO5/Lv0PARAiZ8AKCcAyqWLT/dW2gd/ag0FPZ2ho+pjQCeIanJ
eMoBr3/0GZqko+9gTx4N9XE=
=QHjq
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message