Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 50934 invoked from network); 4 Jan 2007 15:25:58 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 4 Jan 2007 15:25:58 -0000 Received: (qmail 46837 invoked by uid 500); 4 Jan 2007 15:25:39 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 46773 invoked by uid 500); 4 Jan 2007 15:25:38 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 46410 invoked by uid 99); 4 Jan 2007 15:25:37 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Jan 2007 07:25:36 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of David.Delbecq@oma.be designates 193.190.231.71 as permitted sender) Received: from [193.190.231.71] (HELO bonnie.oma.be) (193.190.231.71) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Jan 2007 07:24:45 -0800 Received: from [193.190.249.120] (bonnie.oma.be [193.190.231.71]) by bonnie.oma.be (8.11.1 (Revision 1.5) /8.11.1) with ESMTP id l04FNug26858 for ; Thu, 4 Jan 2007 15:23:56 GMT Message-ID: <459D1C45.3090005@oma.be> Date: Thu, 04 Jan 2007 16:24:53 +0100 From: David Delbecq User-Agent: Thunderbird 1.5.0.8 (X11/20061115) MIME-Version: 1.0 To: Tomcat Users List Subject: Re: URL rewriting For Session Tracking References: In-Reply-To: X-Enigmail-Version: 0.94.1.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org En l'instant pr�cis du 01/04/07 16:04, Caldarale, Charles R s'exprimait dans toute sa noblesse: >> From: Christopher Schultz [mailto:chris@christopherschultz.net] >> Subject: Re: URL rewriting For Session Tracking >> >> I think you are misinterpreting the OP's question... I think >> he wants to /force/ the use of URL rewriting to include the >> jsessionid. In that case, he /must/ run all his links through >> HttpServletResponse.encodeURL. >> > > So setting cookies="false" in the element isn't sufficient? > no, setting cookies=false just disable session tracking using cookies. Proper link to your webapplication should travel inside encodeUrl() at some point before rendering it to outputstream. Most tag that output urls are doing it internally (, amongst other are doing it) > (Assuming a session has been created via request.getSession(true), of > course.) I haven't tried it, but that's the implication I got from > reading the doc. Strange, reading the doc i see this " Set to false if you want to disable the use of cookies for session identifier communication, and rely only on URL rewriting by the application. ". That is clear, if you set to false, you must use url rewriting in your application to track session identifier. Setting cookies to false won't magically parse all your pages to add session identifier. (See J2EE specifications for details) > What does cookies="false" actually do, then? > It disables use of cookies for session tracking > To step back a little: why would it be important to use URL encoding to > track sessions rather than do it with cookies? > > Because 1) not everyone has cookies enabled in their browser 2) in some cases it can be useful to have 2 sessions in same browser (something you can't do with cookies) --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org