OFBiz OFBiz - User

impact of removing url JsessionID ?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
oceatoon
Reply | Threaded
Open this post in threaded view
|

impact of removing url JsessionID ?

oceatoon
HI

We are wondering what exactly are the impacts of removing the jsessionId
from the url,
Because we removed it (makeUrl(.....,false) ), and disactivated cookies but
this has no negative impact on ofbiz ?
I thought it was supposed to replace cookies when disactivated... :-S

I'm sure there must be a good reason for keeping this, can anybody help

Thanks for the thoughts

Tibor
David E Jones
Reply | Threaded
Open this post in threaded view
|

Re: impact of removing url JsessionID ?

David E Jones

In some cases this is necessary for session tracking. For example:

1. transitioning between HTTP and HTTPS servers
2. when cookies are turned off

Note that if your site is 100% HTTPS the jsessionid is not needed  
because the HTTPS protocol has a session management feature.

BTW, just so you know none of these constraints are part of OFBiz.  
These are simply things that exist in the world at large related to  
HTTP and that OFBiz deals with as safely as possible.

-David


On Jan 15, 2007, at 7:36 AM, tibor katelbach wrote:

> HI
>
> We are wondering what exactly are the impacts of removing the  
> jsessionId
> from the url,
> Because we removed it (makeUrl(.....,false) ), and disactivated  
> cookies but
> this has no negative impact on ofbiz ?
> I thought it was supposed to replace cookies when disactivated... :-S
>
> I'm sure there must be a good reason for keeping this, can anybody  
> help
>
> Thanks for the thoughts
>
> Tibor


smime.p7s (3K) Download Attachment
oceatoon
Reply | Threaded
Open this post in threaded view
|

Re: impact of removing url JsessionID ?

oceatoon
Thanks for this insight

our site has both http and https and we seem to have no problem from passing

from one to the other even though we removed the jsession and disabled
cookies.

Regards
Tibor




On 1/15/07, David E. Jones <[hidden email]> wrote:

>
>
> In some cases this is necessary for session tracking. For example:
>
> 1. transitioning between HTTP and HTTPS servers
> 2. when cookies are turned off
>
> Note that if your site is 100% HTTPS the jsessionid is not needed
> because the HTTPS protocol has a session management feature.
>
> BTW, just so you know none of these constraints are part of OFBiz.
> These are simply things that exist in the world at large related to
> HTTP and that OFBiz deals with as safely as possible.
>
> -David
>
>
> On Jan 15, 2007, at 7:36 AM, tibor katelbach wrote:
>
> > HI
> >
> > We are wondering what exactly are the impacts of removing the
> > jsessionId
> > from the url,
> > Because we removed it (makeUrl(.....,false) ), and disactivated
> > cookies but
> > this has no negative impact on ofbiz ?
> > I thought it was supposed to replace cookies when disactivated... :-S
> >
> > I'm sure there must be a good reason for keeping this, can anybody
> > help
> >
> > Thanks for the thoughts
> >
> > Tibor
>
>
>
>
Free forum by Nabble Edit this page