On Fri, Nov 15, 2013 at 9:58 AM, Marius Dumitru Florea <
mariusdumitru.florea(a)xwiki.com> wrote:
Yes there is but we don't control that, the user would need to setup his
container and you can be sure he'll forget to do it, thus causing lots of
bugs/issues on the XWiki side ;)
Thanks
-Vincent
Thanks,
Marius
On Fri, Nov 15, 2013 at 10:48 AM, Vincent Massol <vincent(a)massol.net>
wrote:
Hi devs,
Right now we're trying to support clients (browsers namely) that have
cookies turned off.
I've recently updated code to try to support that but I've found that:
1) It's very hard and we still have lot of places in our code that
doesn't
work without cookies
2) It adds ;jsessionid in the URL and this is causing havoc in tons of
unsuspecting place such as RSS feed generation (RSS readers get different
URLs every time thus thinking it's a different article, exports,
watchlist, tests, etc).
3) It's a security risk to expse the sessionid in the URL
4) It's bad for SEO since search bots may index several times the same
resource with different sessionid (it's a new one every time)
5) There are lots of cases where we don't need to track sessions (like
for
RSS feed generation or HTML exports)
I started fixing all failing places because of the ;jsessionid in the URL
but more keep coming and it feels strange to have to remove it a bit
everywhere when we're adding it in our URL factory.
Thus I'd like to propose that we officially don't support tracking
sessions
in URLs (i.e. when browsers have cookies turned
off).
The idea is that I'd still call encodeURL in our XWikiURLFactory
implementations (we need this if we want to support URL rewriting for
short
URLs for example) but XWikiURLFactory would strip
any jsessionid from the
URL.
WDYT?
Here's my +1
Thanks
-Vincent
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs