+1 for converting it to disabled now (assuming it works for Tomcat 6+).
On Wed, Mar 20, 2013 at 10:05 AM, Marvin Addison <[email protected]>wrote: > > top.jsp in line 22 or so has a Page directive requiring a session. > > > > <%@ page session="true" %> > > FWIW, we strategically removed that directive from the top include in > our theme. It's _very_ undesirable to start a session on ever request > to CAS. Theoretically sessions should be started only when needed; at > present a session is required for the /login URI exclusively. > > > The comment on the commit suggests that the true is required for Tomcat > 5.5, > > but false is fine for Tomcat 6 (and later?) > > Can you or anyone else cite a reference that discusses this > requirement in further detail? > > > I'd like to go further and make the default false again, with > > the comment suggesting that Tomcat 5.5 adopters make the change. > > +1 > > Even if there is a requirement to have that directive for 5.5, I think > it's fair to assume those deployers are in the minority. 5.5 has > reached EOL [1], which is further justification. > > M > > [1] http://tomcat.apache.org/tomcat-55-eol.html > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
