-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mikolaj,
Mikolaj Rydzewski wrote: > Caldarale, Charles R wrote: >> That contradicts what Len said about his site: >> >> "On my site (as on many others) you can browse the site without a >> session, but if you want to log in (to add content or to use >> personalized settings) you need a session." >> > I can't believe you don't get it ;-) One can browse the site without a > session (read: not using a session already provided by the container), > but after login you simply start using a session (i.e. to store user > context object). Right. You said "after login". I'm imagining that googlebot doesn't login to your site. Therefore, there's no need for a session to be created at all. Perhaps you are using a bunch of JSPs that do not have 'session="false"' explicitly configured in them, and they are therefore creating a session for you implicitly (thus, the jsessionid in the generated URLs). > Filter with wrapper ServletResponse is IMO the best solution. > You can apply it to almost every application without touching the code. Perhaps that is the /quickest/ solution, but I would argue that the best solution is not to create a session if you don't actually need one. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFcKOK9CaO5/Lv0PARAiZ8AKCcAyqWLT/dW2gd/ag0FPZ2ho+pjQCeIanJ eMoBr3/0GZqko+9gTx4N9XE= =QHjq -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
