Broadleaf Commerce Discussion Forums


http://forum.broadleafcommerce.org/

DISABLE JSESSIONID

http://forum.broadleafcommerce.org/viewtopic.php?f=11&t=723

Page 1 of 1

DISABLE JSESSIONID

Posted: Fri Sep 14, 2012 10:14 pm
by srini
Hi,

I want to check if it is a good practice to use disable-url-rewriting (http://static.springsource.org/spring-security/site/docs/3.0.x/reference/appendix-namespace.html) like below in spring security to remove jsessionid from url?

<http auto-config="false" use-expressions="true" disable-url-rewriting="true">

Thanks,
Srini.

Re: DISABLE JSESSIONID

Posted: Fri Nov 16, 2012 4:12 pm
by jefffischer
It depends on what you need to support for your end users. Without the url rewriting, your users must have cookies enabled in their browsers to be able to login or have a session. If this is acceptable, then not having security rewrite urls is fine.
All times are UTC-05:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/