Hi Chris, Thanks for your mail. Actually we were analysing our proxy server logs and saw that a lot of URLs with jsessionid appended were being cached and this even includes static files. We saw request for static files like images and .js files being appended with jsessionid. So i think it happens for more than a few pages.
Thanks On Fri, May 21, 2010 at 5:25 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Richard, > > On 5/21/2010 11:45 AM, Richard Nduka wrote: > > Secondly, we have not disabled cookies. In our context, we have cookies > set > > to true and cookie is enabled in the browser. For some reason, tomcat > still > > re-writes the URL and includes the jsessionid. > > Does this happen to all URLs throughout the application, or only certain > ones? Is Tomcat also sending Set-Cookie headers to the client? Is the > client actually sending Cookie headers to the server? > > During the first request/response conversation between the client and > the server, it's often impossible for the server to tell if the client > can support cookies, and so it does both: Set-Cookie in the response, > plus, all the URLs are rewritten with the jsessionid parameter appended > to them. > > Once the client sends a second request, the cookie is included and the > remaining responses do not have URLs rewritten. > > If you need to remove that corner case, as well as disable all cookies > who do not support cookies, you'll have to write a simple filter that > wraps the response and overrides the encodeURL and encodeRedirectURL > methods (and their older, misspelled versions, too) so that they return > unmodified URLs. This may have ... unintended consequences where > sessions and cookie-less clients are concerned, though. > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkv2tBQACgkQ9CaO5/Lv0PDGtACgoRD0PJWBUwRbSydbdRvFCc9u > /UgAnAhQKVqHQ7V8k1rSIAIIF7Dpf49f > =sb0u > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
