No, that's not exactly correct. Tomcat performs URL rewriting in its default configuration. So sessions are not 'only' possible if cookies are enabled.
As a first line of defense, your JSP/servlets should be using the encodeURL or encodeRedirectURL methods to ensure that any user that has cookies disabled can use your application. There is also a way to force tomcat to use URL rewriting, no matter whether the user has cookies or not. http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/context.html Search that page for "cookies" -----Original Message----- From: Tom Bednarz [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:54 AM To: [EMAIL PROTECTED] Subject: TOMCAT 4.0.1 and Cookies / URL Rewriting Hi, Is it correct, that session tracking with TOMCAT is only possible if Cookies are allowed in the browser. Or is there any configuration possibility to use URL rewriting if a browser has cookies disabled? Thanks, Thomas -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]> -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>