Christopher Schultz wrote:
| The problem with both cookies and session id's in the URL is that we
| develop applications for use on cellphones. Cell network operators are a
| bunch of not-so-nice-people who sometimes feel the need to screw up HTTP
| traffic in their gateways, e.g. by messing with cookies and session ids.
Can you give us an example of what happens to your JSESSIONID cookie?
At the moment, nothing, but that can change any time, that's why we want
to have at least the option of using a different header. We've had
operators mess with all kinds of standard HTTP headers so we try to have
a fallback for these.
| There is no guarantee that the cookies that arrive on the handset are
| the same as the ones that have been sent out from our servers. Sometimes
| cookies go missing, standard HTTP headers are mutilated, etc.
That sucks. Is it selective? I mean... do you always get the GET line
correctly, just the others are hosed?
Depends, a while back everything got messed up on a certain local
operator. They even replaced the user-agent with something incorrect.
(basically, every request looked like it came from an OperaMini browser).
Sincerely,
Tom
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
