Caldarale, Charles R wrote:
I can't believe you don't get it ;-) One can browse the site without a session (read: not using a session already provided by the container), but after login you simply start using a session (i.e. to store user context object).That's not true. A session id is assigned the moment you hit the site.That contradicts what Len said about his site: "On my site (as on many others) you can browse the site without a session, but if you want to log in (to add content or to use personalized settings) you need a session."
Probably. Filter with wrapper ServletResponse is IMO the best solution. You can apply it to almost every application without touching the code.And it's certainly not true that Tomcat automatically creates a sessionid for every connection. Creating one is up to the webapps of interest.
-- Mikolaj Rydzewski <[EMAIL PROTECTED]> http://ceti.pl/~miki/ PGP KeyID: 8b12ab02 There are three kinds of people: men, women and unix.
smime.p7s
Description: S/MIME Cryptographic Signature