tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: URL rewriting For Session Tracking
Date Thu, 04 Jan 2007 15:14:17 GMT
Hash: SHA1


Caldarale, Charles R wrote:
> So setting cookies="false" in the <Context> element isn't sufficient?

That just tells Tomcat not to use cookies to send session identification
to the browser. Yes, the alternative to cookies is the use of URL
rewriting to put the "jsessionid" into the URL, but that actually has to
be done somewhere.

> To step back a little: why would it be important to use URL encoding to
> track sessions rather than do it with cookies?

Maybe they have a "no cookies" requirement or something like that.

I personally write all my apps so that the widest audience can use them.
Cookies are not requires in any of the apps I have written in the last
few years. In order to achieve that, one must encode every URL that gets
put into a web page.

Some JSP taglibs provide this capability so you don't have to worry
about it. But, that means that every URL you emit must go through one of
those tags. I mostly use Velocity (not JSP) and there are niceties in
the Velocity-Tools package (that work with Struts, which is a bonus)
that do the same thing.

It all comes down to the same thing: you must run your URLs through
HttpServletResponse.encodeURL if you want to use URL rewriting at all.

- -chris
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla -


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message