Re: Request Dispatcher Forward Session Problems

[Bill Barker <wb...@wilshire.com>]

I agree with Yoav.  And your "solution" for broken browsers won't work:  The
;jsessionid=xxx token only works for the initial request, and not for
forwards and includes (for the very obvious security reasons).

If you *need* to support these broken browsers, then you will need to deal
with it in a custom Valve (and have a Tomcat-only solution).

"Shapira, Yoav" <Yo...@mpi.com> wrote in message
news:9C5166762F311146951505C6790A9CF858E94E@US-VS1.corp.mpi.com...

Howdy,

>My application is handling requests from (mobile) browsers that support
>cookies and browsers that are not.
>Since some of the browsers (which doesn't support cookies) don't "like"
the
>URL rewriting links
>(i.e.
>http://127.0.0.1:8080/W/servlet/AdapterServlet;jsessionid=B97F59F894663
70EB

Are you saying you have browsers which do not conform to the HTTP
protocol (RFC 2616)?  The above http URL is legal and a browser that
supports HTTP is required to accept the above URL.

Let the server handle session integrity for you, via cookies or URL
rewriting or whatever: tomcat does this well automatically.

Yoav Shapira
Millennium ChemInformatics



This e-mail, including any attachments, is a confidential business
communication, and may contain information that is confidential, proprietary
and/or privileged.  This e-mail is intended only for the individual(s) to
whom it is addressed, and may not be saved, copied, printed, disclosed or
used by anyone else.  If you are not the(an) intended recipient, please
immediately delete this e-mail from your computer system and notify the
sender.  Thank you.




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org