Opened 16 years ago
#330 new defect
investigate removing jsession ids
Reported by: | dmn | Owned by: | nobody |
---|---|---|---|
Priority: | moderate | Milestone: | Greenstone 3 wishlist |
Component: | Greenstone3 Runtime | Severity: | major |
Keywords: | Cc: |
Description
URLs in GS3 have become even more messy than they were in GS2:
this is meaningless to users, horrible for SEO, a security risk etc:
http://randomcoder.com/articles/jsessionid-considered-harmful
or at least allowing site/collection maintainers to turn them off.
Most of the time the preferences are never used (I expect) - do we have any evidence they are? The default values should just be that, default and not clutter up the URL.
We could use cookies like everyone else, or provide a session independent URL when necessary. And/or implement the filter as described in the URL above.
Suppose someone wants to remove all the preference - would we still get jsessionids in the URLs?