Pid,

On 8/20/2010 8:33 AM, Pid wrote:
> On 19/08/2010 20:41, Wesley Acheson wrote:
>> On Thu, Aug 19, 2010 at 6:25 PM, Len Popp <len.p...@gmail.com> wrote:
>>
>>> On Thu, Aug 19, 2010 at 12:01, Christopher Schultz
>>> <ch...@christopherschultz.net> wrote:
>>>> The servlet specification mandates this behavior. Tomcat simply must
>>>> support it. The spec says nothing of configurability, so Tomcat does not
>>>> provide any. Hence the need to write a filter to achieve your desired
>>>> behavior.
>>>
>>> That's not inviolable dogma. Tomcat does have some settings that make
>>> it operate out-of-spec, e.g. non-standard cookie parsing. I don't see
>>> why an option couldn't be added to disable JSESSIONID in URLs, if
>>> enough people would find it useful.
>>> --
>>> Len
>>
>>
>> Is there anywhere we could vote for such a feature? I know Resin has it as
>> I've stated before.
>
> You could file an enhancement request in Bugzilla, but it would be more
> likely to get attention if it came with a patch. I can't comment as to
> whether it would be approved or not.

This sounds like something that could easily be implemented as a Valve.

My understanding is that the only place where the jsessionid can't be
removed from URLs by a Filter is during the authentication process. A
Valve can be inserted /before/ the authentication/authorization Valve(s)
and therefore override the encodeURL behavior to perform /no/ URL rewriting.

Maybe one of the TC devs can tell us how to insert a Valve /before/ the
AAA valves that are automatically set up by the security configuration
in web.xml, but never explicitly defined using a <Valve> element anywhere.

-chris
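
Added example, not part of the thread and not Tomcat's own code: a sketch of the Filter approach mentioned above, which wraps the response so the `encodeURL` family returns URLs unchanged and also discards any session whose id arrived in the URL. The class name `NoUrlSessionIdFilter` is hypothetical, and the code assumes the `javax.servlet` API of that Tomcat era.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import javax.servlet.http.HttpSession;

// Hypothetical filter name; illustrative only.
public class NoUrlSessionIdFilter implements Filter {

    public void init(FilterConfig config) {}

    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (!(req instanceof HttpServletRequest)) {
            chain.doFilter(req, res);
            return;
        }
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // A session id presented in the URL may have been leaked (Referer, logs,
        // shared links) or planted by someone else, so do not keep that session.
        if (request.isRequestedSessionIdFromURL()) {
            HttpSession session = request.getSession(false);
            if (session != null) {
                session.invalidate();
            }
        }

        // Application code and JSP tags call these methods to rewrite links;
        // returning the URL unchanged keeps ;jsessionid=... out of generated pages.
        HttpServletResponseWrapper wrapped = new HttpServletResponseWrapper(response) {
            @Override public String encodeURL(String url) { return url; }
            @Override public String encodeRedirectURL(String url) { return url; }
            @Override public String encodeUrl(String url) { return url; }          // deprecated alias
            @Override public String encodeRedirectUrl(String url) { return url; }  // deprecated alias
        };
        chain.doFilter(request, wrapped);
    }
}
```

The filter has to be mapped to `/*` in web.xml so it sees every request. As the message above notes, it does not cover the container-managed authentication step, which is the gap the Valve idea is meant to close.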