> > My understanding (and I'd be pleased to be wrong) is that with > > non-customized Struts, imposing a rule like this and keeping the > > jsessionid always out of the URL is not possible. This seems > > restrictive, and perhaps should be re-evaluated. > > This is so easy to implement yourself it barely even bears > discussing. Create an abstract Action super-class, check to > see if cookies are enabled, and if they aren't, block access > and give the user an error message to that effect. You could > have written it in the time you composed this email.
Couldn't this also be done with a Filter? That would probably be better, as otherwise you'd have to change all of your Action classes to derive from a new class. If you're already inheriting from a custom Action base class, then that would be fine. -- To unsubscribe, e-mail: <mailto:struts-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:struts-user-help@;jakarta.apache.org>