I'm a bit lost with this thread. Are people suggesting I should submit a patch. I really wouldn't know where to begin looking.
On Fri, Aug 20, 2010 at 7:47 PM, Pid <p...@pidster.com> wrote: > On 20/08/2010 17:35, Christopher Schultz wrote: > > Pid, > > > > On 8/20/2010 8:33 AM, Pid wrote: > >> On 19/08/2010 20:41, Wesley Acheson wrote: > >>> On Thu, Aug 19, 2010 at 6:25 PM, Len Popp <len.p...@gmail.com> wrote: > >>> > >>>> On Thu, Aug 19, 2010 at 12:01, Christopher Schultz > >>>> <ch...@christopherschultz.net> wrote: > >>>>> The servlet specification mandates this behavior. Tomcat simply must > >>>>> support it. The spec says nothing of configurability, so Tomcat does > not > >>>>> provide any. Hence the need to write a filter to achieve your desired > >>>>> behavior. > >>>> > >>>> That's not inviolable dogma. Tomcat does have some settings that make > >>>> it operate out-of-spec, e.g. non-standard cookie parsing. I don't see > >>>> why an option couldn't be added to disable JSESSIONID in URLs, if > >>>> enough people would find it useful. > >>>> -- > >>>> Len > >>> > >>> > >>> Is there anywhere we could vote for such a feature? I know Resin has > it as > >>> I've stated before. > > > >> You could file an enhancement request in Bugzilla, but it would be more > >> likely to get attention if it came with a patch. I can't comment as to > >> whether it would be approved or not. > > > > This sounds like something that could easily be implemented as a Valve. > > My understanding is that the only place where the jsessionid can't be > > removed from URLs by a Filter is during the authentication process. A > > Valve can be inserted /before/ the authentication/authorization Valve(s) > > and therefore override the encodeURL behavior to perform /no/ URL > rewriting. > > > > Maybe one of the TC devs can tell us how to insert a Valve /before/ the > > AAA valves that are automatically set up by the security configuration > > in web.xml, but never explicitly defined using a <Valve> element > anywhere. > > Maybe look to see how it's implemented in v7.0 and hack something up. > > Taking Mark's hint and setting something on the Context, with effect on > StandardContextValve maybe... > > > p > > > -chris > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > >
