Opened 13 years ago

#330 new defect

investigate removing jsession ids

Reported by: dmn Owned by: nobody
Priority: moderate Milestone: Greenstone 3 wishlist
Component: Greenstone3 Runtime Severity: major
Keywords: Cc:

Description

URLs in GS3 have become even more messy than they were in GS2:

http://www.greenstone.org/greenstone3/nzdl;jsessionid=E8BFF88D792F4075601045456EC801AD?a=p&sa=about&c=hdl&ct=0

this is meaningless to users, horrible for SEO, a security risk etc:

http://randomcoder.com/articles/jsessionid-considered-harmful

or at least allowing site/collection maintainers to turn them off.

Most of the time the preferences are never used (I expect) - do we have any evidence they are? The default values should just be that, default and not clutter up the URL.

We could use cookies like everyone else, or provide a session independent URL when necessary. And/or implement the filter as described in the URL above.

Suppose someone wants to remove all the preference - would we still get jsessionids in the URLs?

Change History (0)

Note: See TracTickets for help on using tickets.