Hy all, I would like Struts NOT to create a session for an unauthentified user. As far as I understand Struts code, I need to set locale="false" in struts-config.xml <controller>.
Is they're any ohter Struts mecanism that can create a session (excluding action-mapping declared as scope="session") ? Doesn't the "locale" default value (true) expose lot's of struts application to attack ? (server Out of Memory because to much sessions have been created - isn't this what is called "Deny Of Service" ?) Nico. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]