Even if it is possible, but I wouldn't do it.
You would have to parse your output after it is generated
and before you really send it to the requesting client.
The parsing has to be quite flexible to recognise links
to external site as it is not a good practice to include
the session id in links to external sites. (That would
open the door to steal the session).
There are several ways to code URL's in a way that it
is hard to say which site will be the target. Just two
examples:
1:
<base href="some.server.domain"><a href="/some/image.gif"></a>
2:
<script>
someServer = 'someServer';
someFunction() {
return someServer + '/some/image.gif';
}
</script>
<a href="javasript:someFunction()">
So this leads to quite some effort in development (or
organisation, if you try to come around this by enforcing
apropriate policies four your web developers) and
performance penalty. And I bet: you will never be shure
if there isn't a whole anywhere.
> -----Ursprüngliche Nachricht-----
> Von: Christian Mallwitz [mailto:[EMAIL PROTECTED]]
> Gesendet: Freitag, 17. November 2000 13:34
> An: '[EMAIL PROTECTED]'
> Betreff: JSP and automatic session id URL rewriting
> Is it possible to
> - force all JSP generated URLS to include a session id
> without having to wrap them in encodeURL()
> - disable generatation of session cookies
