All, While researching an enhancement patch that I'm likely to post, I came across the struts.SecureLinkTool.toEncoded method. It appears to simply add the ";jsessionid=[session id]" parameter to a URL.
Since the response object is available to the SecureLinkTool (it's a protected member of its superclass), why not replace that entire method with a call to response.encodeURL? -chris
signature.asc
Description: OpenPGP digital signature