nlif wrote:
Hi all,
I am using Tomcat 6.0.18, with Firefox 3.0.6.
I have a simple servlet, which calls request.getSession(true), and expects
to create a session only on the first request, and resume an existing
session on all subsequent requests. As far as I know, according to the
servlet-spec, servlet containers (e.g. Tomcat), should automatically
fallback to URL rewriting (i.e. adding the jsessionid parameter to the url)
when the browser refuses to accept cookies.
This works fine with cookies enabled, however, as soon as I disable cookies
in my browser, a new session is created for each request, and the jsessionid
is not appended to the URL.
Shouldn't this work by default?
(I know I can modify the application code to handle this, but I assumed this
is not necessary.)
Actually, I was just perusing a page in the Tomcat 6 docs :
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html
and it actually says, for the "cookies" attribute :
Set to true if you want cookies to be used for session identifier
communication if supported by the client (this is the default). Set to
false if you want to disable the use of cookies for session identifier
communication, and rely only on URL rewriting *by the application*.
(emphasis is mine)
That sounds to me as, if you want to use URL-rewriting, you have to do
it explicitly in the application.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
