tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Len Popp" <>
Subject Re: Web spiders - disabling jsessionid
Date Fri, 01 Dec 2006 21:37:07 GMT
On 12/1/06, Caldarale, Charles R <> wrote:
> > From: Chris Adams [mailto:chris.adams@JETISRE.COM]
> > Subject: RE: Web spiders - disabling jsessionid
> >
> > That's not true.  A session id is assigned the moment you hit
> > the site.
> That contradicts what Len said about his site:
> "On my site (as on many others) you can browse the site without a
> session, but if you want to log in (to add content or to use
> personalized settings) you need a session."

What I meant is, the web site will function (mostly) without having a
session that preserves data that across requests. HttpSession objects
may exist; but if the HttpSession objects are not accurately tracking
the user's browsing session, it's still possible to navigate the site.

> And it's certainly not true that Tomcat automatically creates a
> sessionid for every connection.  Creating one is up to the webapps of
> interest.

My webapp does call request.getSession() for all requests. Since
crawlers don't use session cookies, and I've disabled URL rewriting,
they will cause a new session to be created for every page requested.
I do see that happening - while Google is crawling over the site,
several sessions are created and they stay idle until they time out.

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message