Richard,

On 5/21/2010 11:45 AM, Richard Nduka wrote:
> Secondly, we have not disabled cookies. In our context, we have cookies set
> to true and cookie is enabled in the browser. For some reason, tomcat still
> re-writes the URL and includes the jsessionid.

Does this happen to all URLs throughout the application, or only certain
ones? Is Tomcat also sending Set-Cookie headers to the client? Is the
client actually sending Cookie headers to the server?

During the first request/response conversation between the client and
the server, it's often impossible for the server to tell if the client
can support cookies, and so it does both: Set-Cookie in the response,
plus, all the URLs are rewritten with the jsessionid parameter appended
to them.

Once the client sends a second request, the cookie is included and the
remaining responses do not have URLs rewritten.

If you need to remove that corner case, as well as disable all cookies
who do not support cookies, you'll have to write a simple filter that
wraps the response and overrides the encodeURL and encodeRedirectURL
methods (and their older, misspelled versions, too) so that they return
unmodified URLs. This may have ... unintended consequences where
sessions and cookie-less clients are concerned, though.

-chris
