Sorry for bring this off list. I'll put it back on list if you think that appropriate.
You think that the context is the correct place to put this? I thought maybe web.xml but I don't know if you can extend that or if its rigidly covered by the spec. I started to do this on the connector is that incorrect? How would one submit a patch? Sorry I've never done this for any project. Do I just attach the changed source files to bugzilla? or do I need to do a diff and create a patch file. I'm on windows so I've never used patch and I am unsure how to create one. (unix patch file) Regards, Wesley Acheson On Sat, Aug 21, 2010 at 12:12 PM, Pid <p...@pidster.com> wrote: > On 20/08/2010 22:40, Wesley Acheson wrote: > > I'm a bit lost with this thread. Are people suggesting I should submit a > > patch. I really wouldn't know where to begin looking. > > That's where the discussion was heading. > > Tomcat is Open Source. The first place to look would be SVN. > > http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk/ > > > p > > > On Fri, Aug 20, 2010 at 7:47 PM, Pid <p...@pidster.com> wrote: > > > >> On 20/08/2010 17:35, Christopher Schultz wrote: > >>> Pid, > >>> > >>> On 8/20/2010 8:33 AM, Pid wrote: > >>>> On 19/08/2010 20:41, Wesley Acheson wrote: > >>>>> On Thu, Aug 19, 2010 at 6:25 PM, Len Popp <len.p...@gmail.com> > wrote: > >>>>> > >>>>>> On Thu, Aug 19, 2010 at 12:01, Christopher Schultz > >>>>>> <ch...@christopherschultz.net> wrote: > >>>>>>> The servlet specification mandates this behavior. Tomcat simply > must > >>>>>>> support it. The spec says nothing of configurability, so Tomcat > does > >> not > >>>>>>> provide any. Hence the need to write a filter to achieve your > desired > >>>>>>> behavior. > >>>>>> > >>>>>> That's not inviolable dogma. Tomcat does have some settings that > make > >>>>>> it operate out-of-spec, e.g. non-standard cookie parsing. I don't > see > >>>>>> why an option couldn't be added to disable JSESSIONID in URLs, if > >>>>>> enough people would find it useful. > >>>>>> -- > >>>>>> Len > >>>>> > >>>>> > >>>>> Is there anywhere we could vote for such a feature? I know Resin has > >> it as > >>>>> I've stated before. > >>> > >>>> You could file an enhancement request in Bugzilla, but it would be > more > >>>> likely to get attention if it came with a patch. I can't comment as > to > >>>> whether it would be approved or not. > >>> > >>> This sounds like something that could easily be implemented as a Valve. > >>> My understanding is that the only place where the jsessionid can't be > >>> removed from URLs by a Filter is during the authentication process. A > >>> Valve can be inserted /before/ the authentication/authorization > Valve(s) > >>> and therefore override the encodeURL behavior to perform /no/ URL > >> rewriting. > >>> > >>> Maybe one of the TC devs can tell us how to insert a Valve /before/ the > >>> AAA valves that are automatically set up by the security configuration > >>> in web.xml, but never explicitly defined using a <Valve> element > >> anywhere. > >> > >> Maybe look to see how it's implemented in v7.0 and hack something up. > >> > >> Taking Mark's hint and setting something on the Context, with effect on > >> StandardContextValve maybe... > >> > >> > >> p > >> > >>> -chris > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > >> > > > >