On 6/28/06, dirk ooms <[EMAIL PROTECTED]> wrote:
AFAIK there are 2 situations in which Tomcat creates a HttpSession (generating
JSESSIONIDS) without an explicit call to request.getSession():
- when the form-based login procedure is used
- when jsp's are compiled, a session will automatically be created by the JSP
engine (also for jsp's that have no security-constraint). if a session is not
needed, this behaviour can be changed by including the line '<%@ page
session="false"%>' in each jsp
- when req.getSession() or req.getSession(true) is called in the application.
dirk
Leon
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
