First of all, "enableCookies" and "enableURLRewriting" are properties of the <session-properties> element in sun-web.xml, as opposed to <session-manager> properties.
Secondly, I'm not sure I understand the purpose of the "enableURLRewriting" property. I don't think it's even supported in the code, but I will double-check. :)
URL rewriting is always supported, unless the session id to be encoded was received in the form of a request cookie.
Also, the container does not automatically encode any URLs. It is the responsibility of the servlet developer to do so, by calling HttpServletResponse.encodeURL() or HttpServletResponse.encodeRedirectURL(), respectively, and passing it the URL to be encoded.
Jan
[Message sent by forum member 'jluehe' (jluehe)]
http://forums.java.net/jive/thread.jspa?messageID=247281