On 20/08/2010 17:35, Christopher Schultz wrote: > Pid, > > On 8/20/2010 8:33 AM, Pid wrote: >> On 19/08/2010 20:41, Wesley Acheson wrote: >>> On Thu, Aug 19, 2010 at 6:25 PM, Len Popp <len.p...@gmail.com> wrote: >>> >>>> On Thu, Aug 19, 2010 at 12:01, Christopher Schultz >>>> <ch...@christopherschultz.net> wrote: >>>>> The servlet specification mandates this behavior. Tomcat simply must >>>>> support it. The spec says nothing of configurability, so Tomcat does not >>>>> provide any. Hence the need to write a filter to achieve your desired >>>>> behavior. >>>> >>>> That's not inviolable dogma. Tomcat does have some settings that make >>>> it operate out-of-spec, e.g. non-standard cookie parsing. I don't see >>>> why an option couldn't be added to disable JSESSIONID in URLs, if >>>> enough people would find it useful. >>>> -- >>>> Len >>> >>> >>> Is there anywhere we could vote for such a feature? I know Resin has it as >>> I've stated before. > >> You could file an enhancement request in Bugzilla, but it would be more >> likely to get attention if it came with a patch. I can't comment as to >> whether it would be approved or not. > > This sounds like something that could easily be implemented as a Valve. > My understanding is that the only place where the jsessionid can't be > removed from URLs by a Filter is during the authentication process. A > Valve can be inserted /before/ the authentication/authorization Valve(s) > and therefore override the encodeURL behavior to perform /no/ URL rewriting. > > Maybe one of the TC devs can tell us how to insert a Valve /before/ the > AAA valves that are automatically set up by the security configuration > in web.xml, but never explicitly defined using a <Valve> element anywhere.
Maybe look to see how it's implemented in v7.0 and hack something up. Taking Mark's hint and setting something on the Context, with effect on StandardContextValve maybe... p > -chris --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
0x62590808.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
