2013/2/7 Christopher Schultz <[email protected]>: > Konstantin, > > On 2/7/13 5:19 AM, Konstantin Kolinko wrote: >> Any other web application that wants to use this feature has to >> configure this filter explicitly and must pass all important URLs >> through HttpServletResponse.encodeURL(). > > Web applications should always pass URLs through > HttpServletResponse.encodeURL (or > HttpServletResponse.encodeRedirectURL), whether they are important or > not ;)
Generally yes, but static resources that do not require authentication and do not require session, such as images, work better without jsessionid. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
