Summary: | Session ID not read from URL when cookie value is not valid | ||
---|---|---|---|
Product: | Tomcat 6 | Reporter: | Johnas H. <johnashudson> |
Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED WONTFIX | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | 6.0.18 | ||
Target Milestone: | default | ||
Hardware: | PC | ||
OS: | Windows XP |
Description
Johnas H.
2008-09-30 08:20:51 UTC
The fall-back mechanism you describe is not part of the Servlet specification. The specification makes clear that URL rewriting is only one possible solution for clients that do not support cookies. Containers are not required to support URL rewriting; they are only required to provide a mechanism to provide session tracking for clients that do not support cookies. Further, the wording of SRV.7.1.1 indicates that a session ID from a cookie takes priority over one from a url. |