On 5/21/07, Carlos Ortiz <[EMAIL PROTECTED]> wrote:
 Hi,
Is there a way to not show jsessionid in the address bar? For my app
it may be a potential problem with security?

Whether the session id shows in the URL (and therefore the address
bar) or not makes no difference at all from a security perspective.
If it is not in the URL, then it is stored in a cookie, and a
potential attacker can just look at the cookie value to see what it
is.

And also, why is it sometimes written and sometimes not?

The typical pattern goes like this:

* On the first request to an application, the servlet container
 does not know whether you have cookies enabled, so it sends
 the session id as *both* a URL path parameter and as a cookie.

* If the session id comes back in as a cookie, then the container
 will assume you have cookies enabled and will stop sending
 the session id as part of the URL.

* Otherwise, it will keep using URLs so that session affinity
 can be maintained.

Craig




Thanks for the help.


P.S.
Something off topic but still in Java: any ideas how to parse a date like
this, "2007-03-22T00:00:00-06:00", to a Date or Calendar object?
yyyy-MM-ddThh:mm:ss-z ? <-- that does not work
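
The three-step pattern described in the reply above, modelled as an added example (not code from this thread or from any servlet container). The class `SessionTrackingDemo`, the `handle` method, the `/next.jsf` link and the `S1`-style ids are constructed for illustration; real containers generate random ids. It needs Java 16 or later for records.

```java
import java.util.*;

/** Toy model of a container choosing between cookie and URL session tracking. */
public class SessionTrackingDemo {
    /** What the container sends back: a Set-Cookie value (or null) and a link. */
    record Response(String setCookie, String link) {}

    static final Set<String> sessions = new HashSet<>();

    /** Extracts the ;jsessionid=... path parameter from a request URL, or null. */
    static String idFromUrl(String url) {
        String marker = ";jsessionid=";
        int i = url.indexOf(marker);
        if (i < 0) return null;
        String rest = url.substring(i + marker.length());
        int end = rest.indexOf('?');
        return end < 0 ? rest : rest.substring(0, end);
    }

    /** Handles one request; cookieId is the JSESSIONID cookie value, or null. */
    static Response handle(String url, String cookieId) {
        String urlId = idFromUrl(url);
        boolean viaCookie = cookieId != null && sessions.contains(cookieId);
        boolean viaUrl = !viaCookie && urlId != null && sessions.contains(urlId);
        if (!viaCookie && !viaUrl) {
            // First request: cookie support is unknown, so send the id both ways.
            String id = "S" + (sessions.size() + 1); // constructed id, not random
            sessions.add(id);
            return new Response("JSESSIONID=" + id, "/next.jsf;jsessionid=" + id);
        }
        // Cookie came back: stop rewriting. Otherwise keep the id in the URL.
        return viaCookie ? new Response(null, "/next.jsf")
                         : new Response(null, "/next.jsf;jsessionid=" + urlId);
    }

    public static void main(String[] args) {
        Response first = handle("/index.jsf", null);
        System.out.println("first request    -> " + first);
        // Browser with cookies enabled follows the link and also sends the cookie.
        System.out.println("cookies enabled  -> " + handle(first.link(), "S1"));
        // Browser with cookies disabled can only return the id through the URL.
        Response second = handle("/index.jsf", null);
        System.out.println("cookies disabled -> " + handle(second.link(), null));
    }
}
```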




