tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: JSESSIONID and impact on google
Date Tue, 09 Feb 2010 14:50:06 GMT
> From: Marian Simpetru [mailto:marian.simpetru@esolutions.ro]
> Subject: JSESSIONID and impact on google
> 
> When it came to google, we realized we are punished for using tomcat,
> since there seems to be no way in disabling jsessionid (session id 
> appended to URL).

Of course there is - don't create a session in the first place.  Sessions are only created
automatically by Tomcat when a login occurs (and I presume the Google bots aren't supplied
with authentication credentials); otherwise it's *your* webapp that has specified that a session
be created.

> Question is: Is there a way to configure tomcat to only use cookies

Again, it's *your* webapp that's appending the session id by calling encodeURL(); if you only
want to use cookies, don't do that.

> Also the name ' JSESSIONID' is configurable?

It's required by the servlet spec, but at least in the current Tomcat level (6.0.24) you can
change it by setting the org.apache.catalina.SESSION_PARAMETER_NAME system property:
http://tomcat.apache.org/tomcat-6.0-doc/config/systemprops.html#Sessions

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus
for use only by the intended recipient. If you received this in error, please contact the
sender and delete the e-mail and its attachments from all computers.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message