You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ofbiz.apache.org by tibor katelbach <oc...@gmail.com> on 2007/01/15 15:36:35 UTC
impact of removing url JsessionID ?
HI
We are wondering what exactly are the impacts of removing the jsessionId
from the url,
Because we removed it (makeUrl(.....,false) ), and disactivated cookies but
this has no negative impact on ofbiz ?
I thought it was supposed to replace cookies when disactivated... :-S
I'm sure there must be a good reason for keeping this, can anybody help
Thanks for the thoughts
Tibor
Re: impact of removing url JsessionID ?
Posted by tibor katelbach <oc...@gmail.com>.
Thanks for this insight
our site has both http and https and we seem to have no problem from passing
from one to the other even though we removed the jsession and disabled
cookies.
Regards
Tibor
On 1/15/07, David E. Jones <jo...@hotwaxmedia.com> wrote:
>
>
> In some cases this is necessary for session tracking. For example:
>
> 1. transitioning between HTTP and HTTPS servers
> 2. when cookies are turned off
>
> Note that if your site is 100% HTTPS the jsessionid is not needed
> because the HTTPS protocol has a session management feature.
>
> BTW, just so you know none of these constraints are part of OFBiz.
> These are simply things that exist in the world at large related to
> HTTP and that OFBiz deals with as safely as possible.
>
> -David
>
>
> On Jan 15, 2007, at 7:36 AM, tibor katelbach wrote:
>
> > HI
> >
> > We are wondering what exactly are the impacts of removing the
> > jsessionId
> > from the url,
> > Because we removed it (makeUrl(.....,false) ), and disactivated
> > cookies but
> > this has no negative impact on ofbiz ?
> > I thought it was supposed to replace cookies when disactivated... :-S
> >
> > I'm sure there must be a good reason for keeping this, can anybody
> > help
> >
> > Thanks for the thoughts
> >
> > Tibor
>
>
>
>
Re: impact of removing url JsessionID ?
Posted by "David E. Jones" <jo...@hotwaxmedia.com>.
In some cases this is necessary for session tracking. For example:
1. transitioning between HTTP and HTTPS servers
2. when cookies are turned off
Note that if your site is 100% HTTPS the jsessionid is not needed
because the HTTPS protocol has a session management feature.
BTW, just so you know none of these constraints are part of OFBiz.
These are simply things that exist in the world at large related to
HTTP and that OFBiz deals with as safely as possible.
-David
On Jan 15, 2007, at 7:36 AM, tibor katelbach wrote:
> HI
>
> We are wondering what exactly are the impacts of removing the
> jsessionId
> from the url,
> Because we removed it (makeUrl(.....,false) ), and disactivated
> cookies but
> this has no negative impact on ofbiz ?
> I thought it was supposed to replace cookies when disactivated... :-S
>
> I'm sure there must be a good reason for keeping this, can anybody
> help
>
> Thanks for the thoughts
>
> Tibor