----- Original Message ---- From: "Caldarale, Charles R" [EMAIL PROTECTED]
>> From: Rashmi Rubdi [mailto:[EMAIL PROTECTED] >> Subject: Re: Web spiders - disabling jsessionid >> >> I think then, setting cookies to "true", or simply leaving >> out the cookies attribute should solve the original poster's >> problem with disabling JSESSIONID >Except for the paranoid clients that disable cookies - then there's not >much recourse other than rewriting the URL with the session id IF it's >important to maintain session information. >- Chuck Thanks for clarifying. Another option is to have a dedicated page that says "Cookies Required" whenever cookies are disabled in a browser similar to "Javascript Required" when Javascript is disabled. Many web apps seem to have a Cookies Required page. If this is not a option for a web app then, I guess like a few people mentioned in this thread a Filter to remove JSESSIONID should be implemented. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]