RE: TOMCAT 4.0.1 and Cookies / URL Rewriting

2002-01-28 Thread Tom Bednarz 

Hi Mike,

At 28.01.2002 11:05, you wrote:
>No, that's not exactly correct. Tomcat performs URL rewriting in its default
>configuration. So sessions are not 'only' possible if cookies are enabled.
>
>As a first line of defense, your JSP/servlets should be using the encodeURL
>or encodeRedirectURL methods to ensure that any user that has cookies
>disabled can use your application.

Ah..., this sems to be the problem. I have proted an older Web Application 
from JRun to Tomcat 4.0.1. When I turned of cookie support in my browser, a 
session was created on TOMCAT but my app allways falls back to the logon 
screen. I'll have a look at the code of my servlets and JSP's.

Many thanks!

Thomas


--
To unsubscribe:   
For additional commands: 
Troubles with the list:

RE: TOMCAT 4.0.1 and Cookies / URL Rewriting

2002-01-28 Thread Justin Rowles 

> Is it correct, that session tracking with TOMCAT is only possible if 
> Cookies are allowed in the browser. Or is there any configuration 
> possibility to use URL rewriting if a browser has cookies disabled?

You can use URL rewriting, but it will also require that your HTML server
(Apache?) be configured to let this through.

If you do so, you will always get a session id variable added to URLs for
people without cookies, *OR* the first visit to a page - as no cookie is
sent on the first access.

You will get no rewrite for URLs for users with cookies.

J.
-- 
You're only jealous cos the little penguins are talking to me. 



***
For more information on Ordnance Survey products and services,
visit our web site at http://www.ordnancesurvey.co.uk
***




--
To unsubscribe:   
For additional commands: 
Troubles with the list:

RE: TOMCAT 4.0.1 and Cookies / URL Rewriting

2002-01-28 Thread Mike Curwen 

No, that's not exactly correct. Tomcat performs URL rewriting in its default
configuration. So sessions are not 'only' possible if cookies are enabled.

As a first line of defense, your JSP/servlets should be using the encodeURL
or encodeRedirectURL methods to ensure that any user that has cookies
disabled can use your application.

There is also a way to force tomcat to use URL rewriting, no matter whether
the user has cookies or not.
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/context.html  Search
that page for "cookies"

-Original Message-
From: Tom Bednarz [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 28, 2002 10:54 AM
To: [EMAIL PROTECTED]
Subject: TOMCAT 4.0.1 and Cookies / URL Rewriting


Hi,

Is it correct, that session tracking with TOMCAT is only possible if
Cookies are allowed in the browser. Or is there any configuration
possibility to use URL rewriting if a browser has cookies disabled?

Thanks,

Thomas


--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>


--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>

AW: TOMCAT 4.0.1 and Cookies / URL Rewriting

2002-01-28 Thread Ralph Einfeldt 

It's enabled by default, if you use response.encodeUrl()
to create your URL's.

There is no automagic encoder. (I doubt that such a beast
will ever exist, because this is a non trivial 
performance consuming task.)

> -Ursprüngliche Nachricht-
> Von: Tom Bednarz [mailto:[EMAIL PROTECTED]]
> Gesendet: Montag, 28. Januar 2002 17:54
> An: [EMAIL PROTECTED]
> Betreff: TOMCAT 4.0.1 and Cookies / URL Rewriting
> 
> 
> Hi,
> 
> Is it correct, that session tracking with TOMCAT is only possible if 
> Cookies are allowed in the browser. Or is there any configuration 
> possibility to use URL rewriting if a browser has cookies disabled?
> 
> Thanks,
> 
> Thomas
> 
> 
> --
> To unsubscribe:   <mailto:[EMAIL PROTECTED]>
> For additional commands: <mailto:[EMAIL PROTECTED]>
> Troubles with the list: <mailto:[EMAIL PROTECTED]>
> 
> 
> 

--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>

TOMCAT 4.0.1 and Cookies / URL Rewriting

2002-01-28 Thread Tom Bednarz 

Hi,

Is it correct, that session tracking with TOMCAT is only possible if 
Cookies are allowed in the browser. Or is there any configuration 
possibility to use URL rewriting if a browser has cookies disabled?

Thanks,

Thomas


--
To unsubscribe:   
For additional commands: 
Troubles with the list: