Hello, you might want to take a look at: http://www.coreservlets.com/
The marquee author hosting the above named site wrote a book with the same title: * According to the author (Marty Hall) the only downside(s) to cookies are privacy issues. * The client browser has to have cookies turned on and the user can turn them off anytime. * If sensitive data is embedded this is a liability problem. * Search engines can create cross-reference links (text, images, etc.) to pages that use cookies. Anyway you cut it you will need session tracking albeit cookies or URL-Rewriting i.e. the JSESSIONID. The jsessionid is in itself a type of cookie. The security risk is if someone can sniff or guess the jsessionid the page is open to hi-jacking. Theres more at the link above. HTH. Gregory Gerard wrote .. > http://tomcat.apache.org/tomcat-5.5-doc/config/context.html > > I can turn cookies on or off but I don't see a similar setting for > URL rewriting. > > I've already made my peace with requiring cookies for other reasons. > > Possible? Downsides? > > I'm seeing a lot of double fetching of content (JavaScript files and > images) (once for when there's ;jsessionid= as part of the URL and > again once the client's accepted the cookie and the URL is changed). > > thanks, > greg --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]