Re: [OT] Disabling jsessionid parameter in Struts forms

[Will Etson <Wi...@pgn.com>]

We use resin and according to http://www.caucho.com/resin/ref/app-config.xtp#session-config
you can indepently turn off either cookie sessions or url-sessions. 

I'm not 100% sure what effect this will have but it sounds like it might solve your problem.

>>> Gemes Tibor <ge...@regens.hu> 09/26/02 02:11AM >>> 
2002. szeptember 26. 11:59 dátummal Ori Tend ezt írtad: 
> Thanks for the reply! 
> I'm not sure I understand.. if I use in my JSP the standard <form> tag I 
> dont get this jsessionid parameter when browsing to the page. Is there a 
> way to use struts' <html:form> tag and not get this jsessionid? 

If you use FORM based auth and disable cookies and don't use the EncodeURL() 
you have to reauthenticate yourself for every request. 

I can see the jsessionid appended only on the first page after the login page 
if I have cookies enabled. 

> I suspect that the jsessionid is added to the url by calling EncodeURL() at 
> the struts taglib. 
> I know that this may introduce problems to cookie-disabled visitors, but I 
> don't want the jsessionid to appear. 

Create a filter which processes the output and cut off from "jsessionid" to 
the first ";" in each page for each occurence of "jsessionid". 
If you insist. 

Why does it bother you? 

Tib