Hi, I am writing an e-commerce application using tomcat and have come across a minor issue with url session encoding. The problem is that if a valid session id is available on the url then tomcat does not use cookies.
Here is my scenario :- 1. I have tomcat configured to use cookies for session id's if possible. 2. An access to the index.html of my site redirects via url encoding to home/index.html. This causes the session to be sent both via the url and a cookie, from here on tomcat knows it can use cookies and doesn't bother adding the session id to the url when I use encodeURL. 3. If I close the browser and open a new browser and use the url history box then the url that appears is home/index.html with the added url encoding (because I redirected from the original index.html). 4. Because this url has a valid session id, tomcat now defaults to using the url endoing method and doesn't even try to use a cookie for this browser session. My problem is that I want tomcat to always try and use a cookie even when using url encoding (unless it is already using a cookie). I realise it is a pain for those users that have setup prompts before accepting cookies, but in my case I would prefer an inconvenience to a small number of users and not the vast variety of users seeing the session id on all their url's. My own prefernce would be to overload the cookies parameter so that a value of "force" would cause this behaviour and leave the existing semantics for the already defined values. Regards, Arshad -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
