[EMAIL PROTECTED]: telnet www.travelusa.com 80 Trying 64.58.141.168... Connected to travelusa.com. Escape character is '^]'. GET / HTTP/1.1 Host: www.travelusa.com Connection: close
HTTP/1.1 200 OK Set-Cookie: JSESSIONID=08C6F968CE52476E25202D9B3B41B4C3; Path=/ Content-Type: text/html;charset=ISO-8859-1 Transfer-Encoding: chunked Date: Wed, 21 Jan 2004 02:27:55 GMT Server: Apache Coyote/1.0 Connection: close
Yup - I see a cookie being set. Are there are filters on the webapp? Look for <filter> in web.xml.
Is you index page performing a request dispatcher forward?
Are you sure the page is being after being edited to session=false is being recompiled. I sometimes use HTML comments to verify the page was recompiled.
-Tim
neal cabage wrote:
Which tool are you guys using to view your http response header? I'm using the following:
http://www.searchengineworld.com/cgi-bin/servercheck.cgi
Do you see the cookie being set using this tool?
What sort of filters should I be looking for that could be setting a cookie? btw - my config is just straight Tomcat 4.1, no Apache. If you want to see an example of what I'm seeing, please go to http://www.travelusa.com/. If you can recommend any filters or anything else like that I should be looking at, please let me know. Thanks for your help.
Neal
Jeff Tulley <[EMAIL PROTECTED]> wrote: Yeah, I see the same thing. No jsessionId in the header. with session="false" %>
[EMAIL PROTECTED] 1/20/04 3:31:31 PM >>>
Its on by default because the spec says so.
Are you sure you don't have a filter or anything else creating a session?
I created a page called cowbell with this content with tomcat 4.1: --------------------------------------------------
foo --------------------------------------------------
Then simulated a web browser: -------------------------------------------------- [EMAIL PROTECTED]: telnet localhost 8080 Trying 127.0.0.1... Connected to fever.joedog.org. Escape character is '^]'. GET /cowbell.jsp HTTP/1.1 Host: fever.joedog.org:8080 Connection: close
HTTP/1.1 200 OK Content-Type: text/html;charset=ISO-8859-1 Content-Length: 5 Date: Tue, 20 Jan 2004 22:28:20 GMT Server: Apache-Coyote/1.1 Connection: close
foo Connection closed by foreign host. --------------------------------------------------
-Tim
neal cabage wrote:
Unfortunately this isn't working either. In addition to the session="false"%>directive in my JSP, I have also set the
cookies="false" attribute in my server.xml file, for the host in
question. It is *still* happening!
Perhaps this is a Tomcat bug, as previously suggested? Correct me if
I'm wrong, but doesn't this imply a *HUGE* waist of RAM resources to be writing a cookie like this by default? Why on earth would a web app do this by default? Are there any other ways to shut it off? It was mentioned in the previous thread to look at the servlet being compiled, which may be a good idea - but I don't know what the solution will be if it is in fact compiling the servlet incorrectly. Any other config opps to choke it off?
Neal
Torsten Fohrer wrote:
tomcat sents automatically a cookie named jsessionid for session
maintain to a
browser. with cookies="false" as a context attrribute you disable
this
behaviour
from tomcat documentation:
------
cookies
Set to true if you want cookies to be used for session identifier communication if supported by the client (this is the default). Set
to false
if you want to disable the use of cookies for session identifier communication, and rely only on URL rewriting by the application.
----
or
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html
cu Torsten Fohrer
On Tuesday 20 January 2004 20:58, you wrote:
Verify in your JSP's .java file that sessions are really being
turned
off. Look to see if there is a session=pageContext.getSession()
Also, I think the call to pageContext = _jspxFactory.getPageContext(.....
Needs to have "false" as the 3rd to last argument.
[EMAIL PROTECTED] 1/20/04 12:39:54 PM >>>
Neal wrote:
I used the tag "" which does appear correct, but I'm still seeing that header:
"Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/"
There are two reasons why I want to get rid of this:
1. I assume I'm waiting server resources holding open a session for every user, unnecessarily.
2. I've been told this may prevent Google from properly spidering
the
site.
Can you please shed any more light on how to fix this potential
issue?
Probably not, but I will try...
Did you clear the cookies on your browser? If the browser is saying "Hi! XXX is my session ID", then, (iif that session exists), tomcat is
free
of saying "Hi! keep your session ID, which is XXX"
Other than that, no idea. I have never struggled to avoid cookies. Sorry. I was only echoing something I have read in the past.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
