2010/12/23 Pid <p...@pidster.com>: > On 23/12/2010 07:49, André Warnier wrote: >> Pid * wrote: >>> On 22 Dec 2010, at 23:38, André Warnier <a...@ice-sa.com> wrote: >>> >>>> Pid * wrote: >>>>> On 22 Dec 2010, at 23:02, Jeffrey Janner >>>>> <jeffrey.jan...@polydyne.com> wrote: >>>>>> Definitely the culprit. Now, I just have to convince the Dev team >>>>>> that they are, once again, a bunch of idiots. >>>>> Fail. >>>> Pid, >>>> why /do/ the "static objects" links embedded in the login page get >>>> back to the browser with a jsessionid appended ? >>> >>> <c:url is a JSTL tag which encodes a link. >> >> So in clear everyday English, for the benefit of the oppressed minority >> who does not speak JSTL fluently, the fact of encoding this link in the >> page as "<c:url something..>" is the reason why Tomcat (roughly >> speaking) modifies it to add the ";jessionid" bit, yes ? >> And if one were to remove the "<c:url .." tag from those links, it >> wouldn't, right ? >> >> And if so, why did you say "Fail" above ? > > I was referring to the "Definitely the culprit." statement. > Fail because encoding the links to static resources is unnecessary. >
because it interferes with caching. But in general sense it also depends on how the static resources are served by the web application: if you do not encode session id in those URLs, then access to those resources should not require a session (there should be no filters that require a session, nor authentication constraints). Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
