-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 André,
André Warnier wrote: > Actually, I was just perusing a page in the Tomcat 6 docs : > http://tomcat.apache.org/tomcat-6.0-doc/config/context.html > > and it actually says, for the "cookies" attribute : > Set to true if you want cookies to be used for session identifier > communication if supported by the client (this is the default). Set to > false if you want to disable the use of cookies for session identifier > communication, and rely only on URL rewriting *by the application*. André has the answer right here (though without details). In order to get your application to rewrite URLs, you need to pass every single outgoing URL through the HttpServletResponse.encodeURL method (or HttpServletResponse.encodeRedirectURL if you are using a redirect). I've found that this is detail is often overlooked in web applications. Most JSP tag libraries and things like that do this transparently, so you may not have even been aware that it was a requirement. Good luck reviewing all that code ;) - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmLdjcACgkQ9CaO5/Lv0PD8cQCeKvrnDjZvNJTrXCcXuzOKUeSt +2YAoKYSCgXVEzLMhSFFk309g0OhO8kP =SKW6 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
