This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
Hello everyone, I am using the <c:url> standard tag lib tag for constructing nearly all links in my application. Now I realized that <c:url> also appends the jsessionid parameter to the URL if the client does not support cookies. This can be a big security problem if you use fragment caching on content that contains URLs generated by <c:url>. Not only do cache hits deliver the wrong jsessionid for the user requesting, its also a valid id for another users session! My question: Is it possible to disable the URL rewriting feature completely for the standard tag lib? I'd still like to use <c:url> because of its encoding and context path prepending facilities. Regards, Andreas