tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From brycenesbitt <bry...@obviously.com>
Subject Re: Web spiders - disabling jsessionid
Date Mon, 04 Dec 2006 02:51:54 GMT


Rashmi Rubdi wrote:
> 
> I don't know because this problem doesn't happen in my case, on 2
> different web applications.
> 
> Bryce should really test his case by setting cookies="true" or remove the
> cookies attribute and test his links with Xenu to see if he still gets
> jsessionid with Xenu.
> 
 
A quick google search will show this happens to many other people -- even if
your webapps are magically immune.  http://www.citycarshare.org/ is
definitely affected.

None of the three cookie options do it for me... not "true", not "false",
and not leaving it at the default (which should be true).  This appears to
be something Tomcat just can't do.   While it's a search robot bug (not
parsing out the ";jessionid=", it's my problem.

Next I'll try: 
http://randomcoder.com/articles/jsessionid-considered-harmful
Adding a filter like:

HttpServletResponseWrapper wrappedResponse
    = new HttpServletResponseWrapper(httpResponse)
{
  public String encodeRedirectUrl(String url) { return url; }
  public String encodeRedirectURL(String url) { return url; }
  public String encodeUrl(String url) { return url; }
  public String encodeURL(String url) { return url; }
};
-- 
View this message in context: http://www.nabble.com/Web-spiders---disabling-jsessionid-tf2737558.html#a7670111
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message