You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Will Etson <Wi...@pgn.com> on 2002/09/26 18:41:11 UTC
Re: [OT] Disabling jsessionid parameter in Struts forms
We use resin and according to http://www.caucho.com/resin/ref/app-config.xtp#session-config
you can indepently turn off either cookie sessions or url-sessions.
I'm not 100% sure what effect this will have but it sounds like it might solve your problem.
>>> Gemes Tibor <ge...@regens.hu> 09/26/02 02:11AM >>>
2002. szeptember 26. 11:59 dátummal Ori Tend ezt írtad:
> Thanks for the reply!
> I'm not sure I understand.. if I use in my JSP the standard <form> tag I
> dont get this jsessionid parameter when browsing to the page. Is there a
> way to use struts' <html:form> tag and not get this jsessionid?
If you use FORM based auth and disable cookies and don't use the EncodeURL()
you have to reauthenticate yourself for every request.
I can see the jsessionid appended only on the first page after the login page
if I have cookies enabled.
> I suspect that the jsessionid is added to the url by calling EncodeURL() at
> the struts taglib.
> I know that this may introduce problems to cookie-disabled visitors, but I
> don't want the jsessionid to appear.
Create a filter which processes the output and cut off from "jsessionid" to
the first ";" in each page for each occurence of "jsessionid".
If you insist.
Why does it bother you?
Tib