Chuck,

Caldarale, Charles R wrote:
> So setting cookies="false" in the <Context> element isn't sufficient?

That just tells Tomcat not to use cookies to send session identification
to the browser. Yes, the alternative to cookies is the use of URL
rewriting to put the "jsessionid" into the URL, but that actually has to
be done somewhere.

> To step back a little: why would it be important to use URL encoding to
> track sessions rather than do it with cookies?

Maybe they have a "no cookies" requirement or something like that.

I personally write all my apps so that the widest audience can use them.
Cookies are not required in any of the apps I have written in the last
few years. In order to achieve that, one must encode every URL that gets
put into a web page.

Some JSP taglibs provide this capability so you don't have to worry
about it. But, that means that every URL you emit must go through one of
those tags. I mostly use Velocity (not JSP) and there are niceties in
the Velocity-Tools package (that work with Struts, which is a bonus)
that do the same thing.

It all comes down to the same thing: you must run your URLs through
HttpServletResponse.encodeURL if you want to use URL rewriting at all.

-chris
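An added example, not part of the original message: a servlet that passes every URL it emits through `HttpServletResponse.encodeURL`, and its redirect through `encodeRedirectURL`, so the session survives when cookies are off. The class name, the `/menu` path and the `visits` attribute are hypothetical, and the `javax.servlet` namespace is assumed (`jakarta.servlet` on Tomcat 10 and later).

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet for illustration; assumed to be mapped to /menu.
public class CookielessMenuServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Create (or join) the session first so the container has an id to encode.
        HttpSession session = request.getSession(true);
        String base = request.getContextPath();

        if (request.getParameter("logout") != null) {
            session.invalidate();
            // Redirect targets go through encodeRedirectURL rather than encodeURL.
            response.sendRedirect(response.encodeRedirectURL(base + "/menu"));
            return;
        }

        Integer visits = (Integer) session.getAttribute("visits");
        visits = (visits == null) ? 1 : visits + 1;
        session.setAttribute("visits", visits);

        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        out.println("<p>Visits in this session: " + visits + "</p>");
        // True when the browser sent the session id back in the URL, not in a cookie.
        out.println("<p>Session id came from URL: "
                + request.isRequestedSessionIdFromURL() + "</p>");
        // Every link is encoded; a single raw href would drop the session
        // for a client that does not return cookies.
        out.println(link(response, base + "/menu", "Reload"));
        out.println(link(response, base + "/menu?logout=1", "Log out"));
    }

    // The container appends ";jsessionid=..." only when the session is not
    // already being tracked by a cookie; otherwise the URL comes back unchanged.
    private static String link(HttpServletResponse response, String url, String label) {
        return "<a href=\"" + response.encodeURL(url) + "\">" + label + "</a>";
    }
}
```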