tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: No URL rewriting when cookies are disabled
Date Thu, 05 Feb 2009 16:22:01 GMT
nlif wrote:
> Hi all,
> I am using Tomcat 6.0.18, with Firefox 3.0.6.
> I have a simple servlet, which calls request.getSession(true), and expects
> to create a session only on the first request, and resume an existing
> session on all subsequent requests. As far as I know, according to the
> servlet-spec, servlet containers (e.g. Tomcat), should automatically
> fallback to URL rewriting (i.e. adding the jsessionid parameter to the url)
> when the browser refuses to accept cookies.
> This works fine with cookies enabled, however, as soon as I disable cookies
> in my browser, a new session is created for each request, and the jsessionid
> is not appended to the URL.
> Shouldn't this work by default?
> (I know I can modify the application code to handle this, but I assumed this
> is not necessary.)
Actually, I was just perusing a page in the Tomcat 6 docs :

and it actually says, for the "cookies" attribute :
Set to true if you want cookies to be used for session identifier 
communication if supported by the client (this is the default). Set to 
false if you want to disable the use of cookies for session identifier 
communication, and rely only on URL rewriting *by the application*.

(emphasis is mine)
That sounds to me as, if you want to use URL-rewriting, you have to do 
it explicitly in the application.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message