Hi hammoud,
please see the thread at:
http://forums.java.net/jive/thread.jspa?messageID=328588
along with
https://glassfish.dev.java.net/issues/show_bug.cgi?id=3972
("HttpServletResponse.encodeURL() unconditionally appends jsessionid
if session is newly created")
which explain the motivation for what you are seeing.
The fix for the above issue was integrated into GlassFish v2.1.
If you want the jsessionid of a newly created session to be encoded
in the URL, you must disable cookies in your sun-web.xml, as follows:
<?xml version="1.0" encoding="UTF-8"?>
<sun-web-app>
<session-config>
<session-properties>
<property name="enableCookies" value="false" />
</session-properties>
</session-config>
</sun-web-app>
GlassFish v3 adds more fine-grained control over enabling or disabling
cookie and URL rewriting support for the jsessionids of newly created
sessions, by adding support for a property named "enableURLRewriting"
(in addition to the already existing "enableCookies").
By default, both properties will be set to true, meaning that by
default, the jsessionid of a newly created session will be stored both
in a response cookie and encoded in a URL. Storing of the jsessionid
of a newly created session in a cookie may be disabled by setting
"enableCookies" to false, and likewise, URL encoding may be disabled
by setting "enableURLRewriting" to false.
See
https://glassfish.dev.java.net/issues/show_bug.cgi?id=4394 for details.
Thanks,
Jan
On 01/28/09 06:47, glassfish_at_javadesktop.org wrote:
> Seems URLs are not encoded with session id anymore, when cookies are disabled.
> Is there a major difference between V2UR1 and V2.1?
> [Message sent by forum member 'hammoud' (hammoud)]
>
> http://forums.java.net/jive/thread.jspa?messageID=328653
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>