En l'instant précis du 01/04/07 16:04, Caldarale, Charles R s'exprimait dans toute sa noblesse: >> From: Christopher Schultz [mailto:[EMAIL PROTECTED] >> Subject: Re: URL rewriting For Session Tracking >> >> I think you are misinterpreting the OP's question... I think >> he wants to /force/ the use of URL rewriting to include the >> jsessionid. In that case, he /must/ run all his links through >> HttpServletResponse.encodeURL. >> > > So setting cookies="false" in the <Context> element isn't sufficient? > no, setting cookies=false just disable session tracking using cookies. Proper link to your webapplication should travel inside encodeUrl() at some point before rendering it to outputstream. Most tag that output urls are doing it internally (<struts:link/>, <c:url/> amongst other are doing it) > (Assuming a session has been created via request.getSession(true), of > course.) I haven't tried it, but that's the implication I got from > reading the doc. Strange, reading the doc i see this " Set to false if you want to disable the use of cookies for session identifier communication, and rely only on URL rewriting by the application. ". That is clear, if you set to false, you must use url rewriting in your application to track session identifier. Setting cookies to false won't magically parse all your pages to add session identifier. (See J2EE specifications for details) > What does cookies="false" actually do, then? > It disables use of cookies for session tracking > To step back a little: why would it be important to use URL encoding to > track sessions rather than do it with cookies? > > Because
1) not everyone has cookies enabled in their browser 2) in some cases it can be useful to have 2 sessions in same browser (something you can't do with cookies) --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
