[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-3018) Tomcat appending jsessionid to URLs breaks page fragment cache
[ http://jira.jboss.com/jira/browse/JBSEAM-3018?page=comments#action_12413489 ]
Christian Bauer commented on JBSEAM-3018:
-----------------------------------------
When a GET hits the server with no session cookie or id, Tomcat creates a new session and
sets the cookie:
Set-Cookie: JSESSIONID=2978A7FABFF3DB35BE622290E1294CDE; Path=/
It then also encodes all URLs on a page with jsessionid. Without further proof, this seems
to be required because Tomcat, at this point, does not know if the browser supports
cookies. So the next GET (with both cookie and URL parameter) is required to decide if
cookies are OK or not.
The only solution would be to globally disable URL rewriting and force usage of cookies.
You can not disable URL rewriting in Tomcat. It seems to be hardcoded. All workarounds
I've found so far are not acceptable (filters that parse HTML, etc).
Tomcat appending jsessionid to URLs breaks page fragment cache
--------------------------------------------------------------
Key: JBSEAM-3018
URL: http://jira.jboss.com/jira/browse/JBSEAM-3018
Project: Seam
Issue Type: Task
Components: JSF Integration
Reporter: Christian Bauer
Priority: Critical
Tomcat/JSF encodes URLs and, even if cookies are enabled, sometimes appends a JSESSIONID
parameter. If you request a page fragment, your session id is encoded into the rendered
URLs. If I then later retrieve that fragment from the cache, I get your session. This is a
critical issue, I'll look for a workaround, if that's not possible, we need to
document it.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira