2013/2/7 Christopher Schultz <ch...@christopherschultz.net>: > Konstantin, > > On 2/7/13 5:19 AM, Konstantin Kolinko wrote: >> Any other web application that wants to use this feature has to >> configure this filter explicitly and must pass all important URLs >> through HttpServletResponse.encodeURL(). > > Web applications should always pass URLs through > HttpServletResponse.encodeURL (or > HttpServletResponse.encodeRedirectURL), whether they are important or > not ;)
Generally yes, but static resources that do not require authentication and do not require session, such as images, work better without jsessionid. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
