tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Web spiders - disabling jsessionid
Date Fri, 01 Dec 2006 21:50:02 GMT
Hash: SHA1


Mikolaj Rydzewski wrote:
> Caldarale, Charles R wrote:
>> That contradicts what Len said about his site:
>> "On my site (as on many others) you can browse the site without a
>> session, but if you want to log in (to add content or to use
>> personalized settings) you need a session."
> I can't believe you don't get it ;-) One can browse the site without a
> session (read: not using a session already provided by the container),
> but after login you simply start using a session (i.e. to store user
> context object).

Right. You said "after login". I'm imagining that googlebot doesn't
login to your site. Therefore, there's no need for a session to be
created at all.

Perhaps you are using a bunch of JSPs that do not have 'session="false"'
explicitly configured in them, and they are therefore creating a session
for you implicitly (thus, the jsessionid in the generated URLs).

> Filter with wrapper ServletResponse is IMO the best solution.
> You can apply it to almost every application without touching the code.

Perhaps that is the /quickest/ solution, but I would argue that the best
solution is not to create a session if you don't actually need one.

- -chris
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla -


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message