Chris,

a) Yes, I plan to always require cookies, because of ...
b) It's the search engine issue: They are cookie-less, and one gets (severely?) penalized by letting the jsessionid's slip out. While I'm using UrlRewriteFilter to provide an abstraction to the site's urls (and it works great), I didn't seem to be able to use it to suppress all url rewriting. I use http://validator.w3.org/checklink to check out how things are behaving.

So what I've done is use the filter described in http://randomcoder.com/articles/jsessionid-considered-harmful . This is short and sweet, and appears to do the job, and is the solution recommended by the link you sent -- thanks for that.

What I haven't done yet is to check whether the browser is supporting cookies, and if the answer is no, make sure that we raise an alert in fromt of the user to the effect that the site won't work right without cookies.

But all this leads to the obvious question (which I asked): If I'm not going to allow jsessionid's to slip out, can I suppress
their creation totally?

Now, having said all that, I'm more than open to hearing alternative ways of dealing the with problem, namely that search
engines penalize you for the presence of jesessionid's.

Cheers,
Ken

Christopher Schultz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ken,

Ken Bowen wrote:
Is there a way to tell Tomcat to never rewrite urls?  I.e., to never add
jsessid ?

Do you want to completely disable sessions, or just always require cookies?

While the servlet specification does not require containers to provide
URL-rewriting, they are nearly useless without that capability.

This post from July 2004 includes a suggestion for a workaround when you
/really/ don't want url rewriting to ever occur:

http://mail-archives.apache.org/mod_mbox/tomcat-users/200407.mbox/[EMAIL 
PROTECTED]

I'm not sure why you'd ever want to do this, though. I'd love to hear
your reason for doing it, though.

- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHIhgg9CaO5/Lv0PARArw0AJ0Uzmwq/lLT1IWHxn/xADxiZLzpgACfUrep
qUM56Ih/0NPu9XWeK5LE1ws=
=s4JG
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to