struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Al Sutton <>
Subject Re: What can you do with S2?
Date Sun, 15 Jun 2008 08:14:00 GMT
I think it's more a case of Tomcat doesn't pass the jsessionid down to 
the filters & webapp, whereas jetty does.

The jsessionid is still appended onto the URL in the browser, but with 
Tomcat the app works, with Jetty the error occurs.


Wendy Smoak wrote:
> On Sat, Jun 14, 2008 at 3:48 PM, Dave Newton <> wrote:
>> Not sure about WAS, but don't (at least) Tomcat and Resin do that (a) before it knows
if cookies are enabled, and (b) if cookies aren't enabled?
> It's part of the Servlet spec.  Tracking by cookies is required.  If
> the client won't accept a cookie, the container may do url rewriting,
> and if it chooses to do so, it must use a path parameter called
> jsessionid.  (SRV.7.1.3)  The container is required to support
> sessions for clients that do not accept cookies.  While the spec
> doesn't mandate url rewriting, it does say containers commonly support
> it.
> I'm curious what difference you're seeing between Jetty and Tomcat?
> It sounds like Tomcat stops appending the jsessionid, but Jetty
> continues doing it?  That's certainly valid (at least for the first
> response)... perhaps the framework needs to deal with it better?

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message