Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 12611 invoked from network); 1 Dec 2006 21:37:47 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 1 Dec 2006 21:37:47 -0000 Received: (qmail 29727 invoked by uid 500); 1 Dec 2006 21:37:41 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 29700 invoked by uid 500); 1 Dec 2006 21:37:41 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 29689 invoked by uid 99); 1 Dec 2006 21:37:41 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Dec 2006 13:37:41 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of len.popp@gmail.com designates 66.249.92.168 as permitted sender) Received: from [66.249.92.168] (HELO ug-out-1314.google.com) (66.249.92.168) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Dec 2006 13:37:29 -0800 Received: by ug-out-1314.google.com with SMTP id h2so2547115ugf for ; Fri, 01 Dec 2006 13:37:08 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=pCyNaYck4WeTKCB400gJLko4zRFoFUPEbGQC3yYL6X7uuKCdRzb3xTtYQFGE3o1xndHZuqiydLLOBtuI0Ukor4kmqFO4zpGZLZZUPR4jUSrPOCJUmIrm/TaZX14URQVuCo5vmchlj4h2HMDQqgUgyIw58NbtrQJls06iaulBbV8= Received: by 10.82.131.1 with SMTP id e1mr1130411bud.1165009027595; Fri, 01 Dec 2006 13:37:07 -0800 (PST) Received: by 10.82.169.6 with HTTP; Fri, 1 Dec 2006 13:37:07 -0800 (PST) Message-ID: <497fac690612011337k3bde6adg463b3beadf5fe852@mail.gmail.com> Date: Fri, 1 Dec 2006 16:37:07 -0500 From: "Len Popp" To: "Tomcat Users List" Subject: Re: Web spiders - disabling jsessionid In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <0883B67B5A2CFA4997D275DF955EDCF103422A@jetisremx01.jetisre.local> X-Virus-Checked: Checked by ClamAV on apache.org On 12/1/06, Caldarale, Charles R wrote: > > From: Chris Adams [mailto:chris.adams@JETISRE.COM] > > Subject: RE: Web spiders - disabling jsessionid > > > > That's not true. A session id is assigned the moment you hit > > the site. > > That contradicts what Len said about his site: > > "On my site (as on many others) you can browse the site without a > session, but if you want to log in (to add content or to use > personalized settings) you need a session." What I meant is, the web site will function (mostly) without having a session that preserves data that across requests. HttpSession objects may exist; but if the HttpSession objects are not accurately tracking the user's browsing session, it's still possible to navigate the site. > And it's certainly not true that Tomcat automatically creates a > sessionid for every connection. Creating one is up to the webapps of > interest. My webapp does call request.getSession() for all requests. Since crawlers don't use session cookies, and I've disabled URL rewriting, they will cause a new session to be created for every page requested. I do see that happening - while Google is crawling over the site, several sessions are created and they stay idle until they time out. -- Len --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org