You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@ofbiz.apache.org by tibor katelbach <oc...@gmail.com> on 2007/01/15 15:36:35 UTC

impact of removing url JsessionID ?

HI

We are wondering what exactly are the impacts of removing the jsessionId
from the url,
Because we removed it (makeUrl(.....,false) ), and disactivated cookies but
this has no negative impact on ofbiz ?
I thought it was supposed to replace cookies when disactivated... :-S

I'm sure there must be a good reason for keeping this, can anybody help

Thanks for the thoughts

Tibor

Re: impact of removing url JsessionID ?

Posted by tibor katelbach <oc...@gmail.com>.

Thanks for this insight

our site has both http and https and we seem to have no problem from passing

from one to the other even though we removed the jsession and disabled
cookies.

Regards
Tibor




On 1/15/07, David E. Jones <jo...@hotwaxmedia.com> wrote:
>
>
> In some cases this is necessary for session tracking. For example:
>
> 1. transitioning between HTTP and HTTPS servers
> 2. when cookies are turned off
>
> Note that if your site is 100% HTTPS the jsessionid is not needed
> because the HTTPS protocol has a session management feature.
>
> BTW, just so you know none of these constraints are part of OFBiz.
> These are simply things that exist in the world at large related to
> HTTP and that OFBiz deals with as safely as possible.
>
> -David
>
>
> On Jan 15, 2007, at 7:36 AM, tibor katelbach wrote:
>
> > HI
> >
> > We are wondering what exactly are the impacts of removing the
> > jsessionId
> > from the url,
> > Because we removed it (makeUrl(.....,false) ), and disactivated
> > cookies but
> > this has no negative impact on ofbiz ?
> > I thought it was supposed to replace cookies when disactivated... :-S
> >
> > I'm sure there must be a good reason for keeping this, can anybody
> > help
> >
> > Thanks for the thoughts
> >
> > Tibor
>
>
>
>

Re: impact of removing url JsessionID ?

Posted by "David E. Jones" <jo...@hotwaxmedia.com>.

In some cases this is necessary for session tracking. For example:

1. transitioning between HTTP and HTTPS servers
2. when cookies are turned off

Note that if your site is 100% HTTPS the jsessionid is not needed  
because the HTTPS protocol has a session management feature.

BTW, just so you know none of these constraints are part of OFBiz.  
These are simply things that exist in the world at large related to  
HTTP and that OFBiz deals with as safely as possible.

-David

On Jan 15, 2007, at 7:36 AM, tibor katelbach wrote:

> HI
>
> We are wondering what exactly are the impacts of removing the  
> jsessionId
> from the url,
> Because we removed it (makeUrl(.....,false) ), and disactivated  
> cookies but
> this has no negative impact on ofbiz ?
> I thought it was supposed to replace cookies when disactivated... :-S
>
> I'm sure there must be a good reason for keeping this, can anybody  
> help
>
> Thanks for the thoughts
>
> Tibor