Does URL rewriting in JBuilder4 work?

Similar Messages

• WLS 6.1 SP1 URL Rewriting Still Not Working?

            Anyone having success with URL Rewriting? The SessionServlet example is STILL
            not working for me when cookies are disabled. New sessions are created every
            access and the counter never increments past 1.
            Any info would be appreciated.
            Regards, Jeff
            

            The SessionServlet example works fine for me. By default URL re-writing is enabled
            and it will come into picture if the browser doesn't accept cookies.
            Try the examplesWebApp which is in 'examples' domain. It has SessionServlet as
            part of it.
            Sathish Santhanam
            Developer Relations Engineer
            BEA Support
            

• URL rewrite now working for SharePoint 2013 result page

  Hi,
  I have configured reverse proxy using URL Rewrite (ARR), all works fine but the rule is not processing for SharePoint 2013 result page. It still shows internal domain name and not external domain name.
  this is my web.config in internet web server
  <?xml version="1.0" encoding="UTF-8"?>
  <configuration>
      <system.webServer>
          <rewrite>
              <outboundRules>
                  <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
                      <match filterByTags="A, Area, Base, Form, Frame, Head, IFrame, Img, Input, Link, Script" pattern="^http(s)?://dsplsp2013/(.*)" />
                      <action type="Rewrite" value="http{R:1}://uncep/{R:2}" />
                  </rule>
                  <preConditions>
                      <preCondition name="ResponseIsHtml1">
                          <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
                      </preCondition>
                  </preConditions>
              </outboundRules>
              <rules>
                  <rule name="ReverseProxyInboundRule1" stopProcessing="true">
                      <match url="(.*)" />
                      <action type="Rewrite" url="http://dsplsp2013/{R:1}" />
                      <serverVariables>
                          <set name="HTTP_ACCEPT_ENCODING" value="" />
                      </serverVariables>
                  </rule>
              </rules>
          </rewrite>
          <urlCompression doStaticCompression="false" />
      </system.webServer>
  </configuration>
  Thanks
  Hari
  Hari

  Hi,
  According to your post, my understanding is that the rule was not processing for SharePoint 2013 result page.
  Please make sure you add the reverse rewriting rule correctly.
  For more information, you can refer to:
  Add the reverse rewriting rules (in the HTML)
  Setting up a Reverse Proxy using IIS, URL Rewrite and ARR
  Best Regards,
  Linda Li
  Linda Li
  TechNet Community Support

• WCF Url Rewriting using global.asax

  Hello,
  I am doing Url Rewriting using global.asax but getting below error message. 
  Description: HTTP
  404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly. 
  Requested URL: /Services/MyService.svc/rest/CheckInternet
  I tested service. its working fine without url rewriting. 
  please help me to solve this issue. 
  Please "Mark as Answer" if this post answered your question. :)
  Kalpesh Chhatrala | Software Developer | Rajkot | India
  Kalpesh 's Blog
  VFP Form to C#, Vb.Net Conversion Utility

  Hi Kalpesh Chhatrala,
  I wonder if you are using the WCF Soap Service or the WCF Rest Service.
  Since your WCF Service works very well without the URI Rewriting, then it seems that you have do something wrong during the process of the URI Rewriting, so please try to refer to the following articles about how to do the URI Rewriting
  for the WCF Service:
  http://blogashwani.blogspot.com/2013/02/url-rewriting-for-wcf-service.html .
  http://blogs.msmvps.com/abu/2008/12/22/url-rewriting/ .
  http://blogs.msdn.com/b/endpoint/archive/2008/08/22/rest-in-wcf-part-ix-controlling-the-uri.aspx .
  Best Regards,
  Amy Peng
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Sessions, URL Rewriting, and Cookies

  First some background, then some questions:
            BACKGROUND
            I have written an application framework to use with JSP/EJB/Servlet
            based applications. This framework does URL rewriting
            (response.encodeUrl) for all URLs generated by the application, and I
            have URL-based session support turned on in WebLogic.
            Despite the fact that my browser is set to support cookies on my test
            machines, I have noticed that intermittently the URL rewriting to
            support session IDs kicks in. Then, later, it goes away again. This
            would seem to indicate that the client browsers are (for no apparent
            reason) deciding to occasionally not support sessions with cookies, so
            that the server has to step in and do URL writing instead.
            QUESTIONS
            1. Has this sort of behavior been reported by anyone else?
            2. Is there a servlet/JSP API anywhere that I can call on a per-HTTP
            transaction basis to see if the browser that is participating in the
            transaction is at that moment supporting cookies?
            3. There are times when my framework needs to delete a cookie by setting
            its maxAge to 0. Most of time time this works, but (as with the session
            ID/URL rewriting above) occasionall the cookie does not get deleted on
            the client brower machine. This screws up some of the application logic
            that I have in the framework. Is this related to the problems listed
            above?
            CONCLUSION
            Any and all information is appreciated, from anyone. Thanks!
            Chris
            

            Hi,
            To answer your question #1, yes I have seen this behaviour, and
            the explanation I feel is as follows.
            1] You access a resource on WL Server & it starts a session, at
            this moment it is not sure whether the browser supports cookies
            so it uses both methods, URL Writing & cookies to store the session
            ID
            2] On the next request, it tries to read the cookie, if it is able
            to read it that means cookies are enabled and there is no need
            to continue with URL Rewriting else it continues wioth URLRewriting.
            To answer Question #2, you can follow a procedure similiar to above
            to find out if browser supports cookies, ie set a cookie & in the
            next request try to read teh value.
            As far as Question #3 is concerned, try setting the magAge to -12
            hours insteda of 0 so that there is no problem even in case of
            a time difference.
            hope this helps
            Rahul
            Chris Dole <[email protected]> wrote:
            >First some background, then some questions:
            >
            >BACKGROUND
            >I have written an application framework to use with JSP/EJB/Servlet
            >based applications. This framework does URL rewriting
            >(response.encodeUrl) for all URLs generated by the application,
            >and I
            >have URL-based session support turned on in WebLogic.
            >
            >Despite the fact that my browser is set to support cookies
            >on my test
            >machines, I have noticed that intermittently the URL rewriting
            >to
            >support session IDs kicks in. Then, later, it goes away
            >again. This
            >would seem to indicate that the client browsers are (for
            >no apparent
            >reason) deciding to occasionally not support sessions
            >with cookies, so
            >that the server has to step in and do URL writing instead.
            >
            >QUESTIONS
            >1. Has this sort of behavior been reported by anyone else?
            >
            >2. Is there a servlet/JSP API anywhere that I can call
            >on a per-HTTP
            >transaction basis to see if the browser that is participating
            >in the
            >transaction is at that moment supporting cookies?
            >
            >3. There are times when my framework needs to delete a
            >cookie by setting
            >its maxAge to 0. Most of time time this works, but (as
            >with the session
            >ID/URL rewriting above) occasionall the cookie does not
            >get deleted on
            >the client brower machine. This screws up some of the
            >application logic
            >that I have in the framework. Is this related to the problems
            >listed
            >above?
            >
            >CONCLUSION
            >Any and all information is appreciated, from anyone. Thanks!
            >
            >Chris
            >
            

• URL Rewriting & Mozilla

  I've noticed some functional changes between SJSAS 8 Update 1 and SJSAS 8 2004Q4 Beta regarding use of URL rewriting in webapps.
  Our servlet explicitly disables cookies in preference for URL rewriting. In SJSAS8-Update1, as for every other app server we've used (SJSAS 7 2004Q2, S17AS, Weblogic 8, Jboss), this works fine. But in the 2004Q4 beta release, URL rewriting doesn't work in Mozilla. IE works as per usual - inserting the relevant jsessionid's in the address bar.
  Consequently when the browser attempts to hit the servlet for the second time - it has no jsessionid, and the servlet doesn't recognize the session.
  As I said, this isn't a problem with any other release of the product; it seems to have been introduced in this most recent 2004Q4 beta of S1JSAS 8.
  Anyone else noticed this or have any suggestions?

  More specifically, the problem appears to exist -only- in Firefox (not Mozilla in general).
  Using LiveHTTPHeaders, its clear that Firefox 1.0 is setting the jsessionid identifier as a cookie, as opposed to URL rewriting. The other parameters are correctly passed using URL rewriting.
  Thus Mozilla is sending a URL without the jsessionid and the appserv web container cannot locate the session.
  We've set our sun-web.xml file to disable cookies explicitly using "enableCookies=false". However, Sun Appserv 8.1 2004Q4 BETA sends back a cookie to Firefox's request - even though the webapp has disabled it...
  Very frustrating!! Any help/suggestions would be gladly appreciated!

• Wildcard host SSL URL rewrite

  I'm working on setting up a URL rewrite that will work for all hosts of a specific domain.  I could just do a ".*" in the action-list, but the business unit has requested that I restrict the rewrites to just URLs served up containing a particular domain and all of its various hosts.  Would the action-list below work for *.blah.com?  Like www.blah.com, apps.blah.com, etc?  Thanks.
  action-list type modify http blah-urlrewrite
    ssl url rewrite location ".*\.blah\.com"

  Hi,
  That rewrite should do the trick
  Cesar R
  ANS Team

• URL Rewrite Rule: HTTP to HTTPS Not Working

  Here is my problem. I cannot get HTTP to HTTPS redirect to work using the URL Rewrite module. I am using version 2, by the way, which I understand is the latest version. I've also enabled the "Proxy Server" and Application Request Routing"
  features.
  I've trolled through the Internet for 2 days now for solutions to my problem, including the ones provided by the TechNet forums and by MVP Scott Forsyth. I've tried over 30 solutions, and none have resolved my issue. Granted some of the solutions I've tried
  may have been repeats of others. After trying so many, I have had a hard time discerning the differences. Does it really matter, for instance if the pattern match for the {HTTPS} input is specified as
  "^off$" or just "off"? I see this discrepancy (among others) everywhere. It seems like there are so many variations out there. It is quite confusing for the uninitiated and the newbies like myself to the
  URL Rewrite technology. I have enabled and consulted my "Failed Request Tracing Rules" logs but cannot make any sense of the cryptic information it is providing.
  I just cannot get my reverse proxy server to redirect http requests from the Internet to https to my internal web server. When a user specifies "https://server1.xxxxx.com". he is able to access the internal server via the reverse proxy (IIS) server.
  But when he specifies "http://server1.xxxxx.com" he receives "Server Error 500 - Internal server error.There is a problem with the resource you are looking for, and it cannot be displayed."
  At this point I am at my wits end, and am even considering configuring the protocol translation on our firewall. But this not my preference as it presents another layer of complexity, and device to troubleshoot later on. Below I've pasted my entire web.config
  file with my most current version of the rule in question (in bold) for your review. I started to paste just the specific rule, but thought you might need to see the entire file in case something else may be conflicting with the rule.
  Thank you in advance for your help.
  Dave Robinson
  <?xml version="1.0" encoding="UTF-8"?>
  <configuration>
      <system.webServer>
          <rewrite>
                <rules>
                  <clear />
  <rule name="HTTP to HTTPS Redirect" enabled="true" stopProcessing="true">
                  <match url="(.*)" />
                 <conditions>
                    <add input="{HTTPS}" pattern="off" />
                  </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}/{REQUEST_URI}" redirectType="Found" />
                  </rule>
  <rule name="ReverseProxyInboundRule1" stopProcessing="true">
                      <match url="(.*)" />
                      <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                          <add input="{CACHE_URL}" pattern="^(https?)://" />
                      </conditions>
                      <serverVariables>
                          <set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
                          <set name="HTTP_ACCEPT_ENCODING" value="" />
                  </serverVariables>
                      <action type="Rewrite" url="{C:1}://server1.xxxxx.com/{R:1}" />
                  </rule>
              </rules>
              <outboundRules>
                  <rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding">
                  <match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" />
                  <action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
                  </rule>
                  <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
                      <match filterByTags="A, Form, Img" pattern="^http(s)?://server1.xxxxx.com/(.*)" />
                      <action type="Rewrite" value="http{R:1}://server1.xxxxx.local/{R:2}" />
                  </rule>
                  <preConditions>
                      <preCondition name="ResponseIsHtml1">
                          <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
                      </preCondition>
                      <preCondition name="NeedsRestoringAcceptEncoding">
                          <add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".+" />
                      </preCondition>
                  </preConditions>
              </outboundRules>
          </rewrite>
          <tracing>
              <traceFailedRequests>
                  <add path="*">
                      <traceAreas>
                          <add provider="ASP" verbosity="Verbose" />
                          <add provider="ISAPI Extension" verbosity="Verbose" />
                          <add provider="WWW Server" areas="Authentication,Security,Filter,StaticFile,CGI,Compression,Cache,RequestNotifications,Module,FastCGI,WebSocket"
  verbosity="Verbose" />
                      </traceAreas>
  <failureDefinitions timeTaken="00:00:00" statusCodes="404" />
                  </add>
              </traceFailedRequests>
          </tracing>
          <httpErrors errorMode="Custom" />
          <httpRedirect enabled="false" destination="" exactDestination="false" childOnly="false" httpResponseStatus="Permanent" />
      </system.webServer>
  </configuration>

  On Wed, 28 Jan 2015 17:53:41 +0000, dwrobins2000 wrote:
  Here is my problem. I cannot get HTTP to HTTPS redirect to work using the URL Rewrite module. I am using version 2, by the way, which I understand is the latest version. I've also enabled the "Proxy Server" and Application Request Routing"
  features.
  Web/IIS related issues are better posted where the IIS experts are:
  http://forums.iis.net
  Paul Adare - FIM CM MVP
  "The equivalent of treating dandruff by decapitation"
  -- Frank Zappa on the Parents Music Resource Center' censorship plans

• URL Rewriting not working at all on iWS6

  I'm trying to use URL Rewriting in iWS6, rather than cookies. I have added a subelement to my web-apps.xml as follows:
  <session-tracking use-cookies="false" use-url-rewriting="true" />
  I also tried it without the use-cookies="false".
  In either case, sessions just don't happen, and the URL is not being re-written. If I use cookies, it's fine.
  Any bright ideas? Does this really work?

  Are you calling HttpServletResponse.encodeURL() to encode all your hrefs? encodeURL() is the method that performs the URL rewriting.

• Does using self-signed cert. on ISE server has anthing to do with url redirect being not working

  Hi,
  I am setting up wired ISE environment. Everything is going fine, except url redirect is not working.
  I just wondering, if using self-signed certificate on ISE server has anothing to do with the problem ?.
  Appreciate your input.
  Thanks

  Hi,
  As long as you have not changed the hostname or the domain name (and dns is accurate). You should only receive the certificate warning but still get redirected without any issues.
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• ColdFusion with IIS URL Rewrite - Page never finishes loading

  I am running CF10 on IIS 7.5 with URL Rewrite module installed.
  All the rewrite rules work perfectly and ColdFusion is returning the correct pages. In order to get the page displayed in the browser I have to manually set the 'content-length' value in Application.cfc like this:
  <cfcomponent>
  <cffunction name="onRequestEnd">
  <cfheader name="Content-Length" value="#getPageContext().getCFOutput().getBuffer().size()#" />
  </cffunction>
  </cfcomponent>
  Without this code the browser does not display the page. However, even though it is now displaying the page, it is not doing it correctly. The page never finishes loading fully and not all of the HTML content seems to be on the page.
  I have tried to add a <cfflush> tag after setting the 'content-length' but it makes no difference. I don't understand why this is happening but I know that it has happened to someone else who was using htaccess: http://forums.devshed.com/coldfusion-development-84/page-not-finishing-loading-coldfusion- and-htaccess-bug-575906.html
  Can anyone please help?

  Hi guys,
  I would like to do url rewriting on our CF app but am worried I'll break something if I try and do it myself - is there anyone who would be interested in a bit of consultancy to help us achieve this?
  I want to turn http://www.allchichesterjobs.com/search-results.cfm?sector=21&q=part-time-jobs
  into http://www.allchichesterjobs.com/part-time-jobs
  I've tried this using IIS and URL Rewrite, when I browsed to http://www.allchichesterjobs.com/search-results.cfm?sector=21&q=part-time-jobs
  my browser was redirected to http://www.allchichesterjobs.com/part-time-jobs ok - but then I got a 404 error
  I'm wondering if I can pay someone to remote view my screen while we talk on skype and tell me what to do?
  Hope it's ok to post this sort of request on here
  Thanks very much indeed.
  Nick

• IIS Reverse Proxy with URL rewrite.

  Hi all, hoping to leverage the wealth of knowledge contained here.
  Any assistance would be very welcome.
  I'm having an issue getting a reverse proxy and URL rewrite working in IIS 7.0.
  I need to redirect all requests with a specific virtual directory suffix only.
  ie; https://domain.test.com/outbound/Content/query_etc
  With /Outbound/ being the trigger.
  This should be redirected to http://10.10.10.10/inbound/Content/query_etc
  While at the same time, requests without the /outbound/ suffix should be handled locally.
  I have configured the reverse proxy as described in a few articles, and have had no luck.
  Here's a snippet from my (sanitized) web.config at the site level.
  <rewrite>
  <outboundRules>
  <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
  <match filterByTags="A" pattern="^http(s)?://10.10.10.10/inbound/(.*)" />
  <action type="Rewrite" value="https://domain.test.com/outbound/{R:2}" />
  </rule>
  <preConditions>
  <preCondition name="ResponseIsHtml1">
  <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
  </preCondition>
  </preConditions>
  </outboundRules>
  <rules>
  <rule name="ReverseProxyInboundRule1" stopProcessing="true">
  <match url="^outbound/(.*)" />
  <action type="Rewrite" url="http://10.10.10.10/inbound/{R:1}" appendQueryString="true" logRewrittenUrl="false" />
  </rule>
  </rules>
  </rewrite>
  To me, this looks correct, yet it doesn't work.
  With this, I get the normal 404 - Error Code 0x80070002, with the text indicating the local directory doesn't exist, so.... not being picked up by the filter for redirection.

  Hi Andrew,
  Looking at your requirements it appears you need Reverse Proxy To Another Site/Server.
  By using URL Rewrite Module together with
  Application Request Routing module you can have IIS 7 act as a
  reverse proxy.
  It seems like URL Rewrite can't re-route the request somewhere else out of the server.
  Even when you rewrite the url the actual connection remains with the server. Hence if your original server doesn't have /inbound/Content/query_etc  it will fail with 404.
  Hosting multiple domain names under a single account using URL Rewrite.
  It’s a common desire to have a single IIS website that handles multiple sites with different domain names.
  References:
  How to create a url alias using IIS URL Rewrite:
  http://blogs.technet.com/b/mspfe/archive/2013/11/27/how-to-create-a-url-alias-using-iis-url-rewrite.aspx
  Reverse Proxy with URL Rewrite v2 and Application Request Routing:
  http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing
  Regards,
  Satyajit
  Please“Vote As Helpful”
  if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

• Content-Length header not changed after url-rewrite... yields cut page.

  We use iPlanet6 ,service pack 4. The pages that return from the servlets are
  changed by the Application Server. The Application Server adds
  GXHC_GX_jst=901a10a6662d6164& to the all the URLs (which increase the
  page's size). The problem is that Application Server does not change the
  Content-Length header in the servlet response. This yields cut pages in the
  browser (IExplorer5).
  If we don't add the Content-Length header it works fine. (I.e., The pages
  are not cut.) Our problem is that we work with mobile devices that must have
  the Content-Length header to work properly.
  Q: Do you know if there is a patch that fix the problem?
  Q: Is it possible to configure the Application Server to prevent this
  url-rewrite?
  Regards,
            Aviram

  Hi guys,
  I would like to do url rewriting on our CF app but am worried I'll break something if I try and do it myself - is there anyone who would be interested in a bit of consultancy to help us achieve this?
  I want to turn http://www.allchichesterjobs.com/search-results.cfm?sector=21&q=part-time-jobs
  into http://www.allchichesterjobs.com/part-time-jobs
  I've tried this using IIS and URL Rewrite, when I browsed to http://www.allchichesterjobs.com/search-results.cfm?sector=21&q=part-time-jobs
  my browser was redirected to http://www.allchichesterjobs.com/part-time-jobs ok - but then I got a 404 error
  I'm wondering if I can pay someone to remote view my screen while we talk on skype and tell me what to do?
  Hope it's ok to post this sort of request on here
  Thanks very much indeed.
  Nick

• Plumtree and Weblogic Portal Server | URL rewriting incompatibility

  Hi All,
  I am using Weblogic Portal as the Producer and Plumtree as the consumer for my WSRP portlets. I have enabled Producer URL rewriting. When i invoke an action URL i get a "Mode is not supported in this portlet." error. The template being passed is <blockingActionTemplate>/wsrpconsumer/pt_action?wsrp-navigationalState={wsrp-navigationalState}&wsrp-interactionState={wsrp-interactionState}&wsrp-mode={wsrp-mode}&wsrp-windowState={wsrp-windowState}</blockingActionTemplate>
  and the URL generated is a href="/wsrpconsumer/pt_action?wsrp-navigationalState=&wsrp-interactionState=_action%3D%2FnewAction1&wsrp-mode=&wsrp-windowState="
  The same portlet works fine when Consumer URL rewrting is enabled.
  Plumtree is giving the same error for the portlets at the consumer at http://sunwsrp.dyndns.org/portal/wsrp/wsdl/default. Any help would be highly appreciated
  Thanks

  Hi, I don't have an answer on this but another more basic question. Our agency is using Plumtree Portal v5. I am assigned to develop a remote portlet. According to what I've read on the web as far back as 2003 Plumtree Portal supports WSRP but I'm getting conflicting answers within our agency. This post seems to indicate that the Plumtree Portal can consume WSRP compliant remote portlets. If that is correct, can you point me to documentation/examples? I've found reference to a Plumtree resource called "WSRP Portlet Consumer" for WSRP--does that still exist? Any help would be appreciated.

• Always use URL Rewriting for session tracking?

  All you JSP guru:
  I am working on a JSP project that requires session tracking. I have successfully implements session tracking with both cookies or URL rewriting. I know that with the HttpSession object, it will always try to use cookie first, if that's disabled, then it'll automatically switch to URL rewriting. However, is there a way to force the HttpSession object to ALWAYS use URL rewriting instead of cookies? I have searched for an answer for a long time and haven't been able to found a solution. Is it possible at all? Thank you very much.

  i was going to say that WebSphere always uses URL rewriting if you enable it at all, but someone beat me to it (indirectly) :-)
  however, that seemed to me to be a violation of the spec, which seemed to imply the behaviour you're describing (only use URL rewriting if cookies are not supported on the current client)
  here's a response someone else made on a websphere newsgroup to a statement in that regard:
  I believe you are technically correct. However from my
  experience, I think the spec if flawed in this area since
  there is no reliable way of determining whether the
  client browser supports cookies. The authority on
  cookies (www.cookiecentral.com) says:
  "To properly detect if a cookie is being accepted via
  the server, the cookie needs to be set on one HTTP
  request and read back in another. This cannot be
  accomplished within 1 request."
  This is asking too much of a servlet engine
  implementation. Even if it did submit a request for this
  purpose, the user could refuse the cookie. So
  then technically the browser supports cookies, but the
  servlet engine infers it doesn't. So if the servlet engine
  infers the browser does not support cookies and so
  encodes the URL, it is again out of spec because the
  browser really does support cookies. By doing it
  however encoding is configured makes things simpler,
  robust, consistent and avoids the flaw.
  My opinion.so, mostly i'm just rambling, but if you're using websphere, you should get the behaviour your boss wants. if you're using something else, i suppose there's a chance it'll "violate" the spec in this same, potentially helpful way.
  btw, i remember somebody else complaining that URL rewriting is less secure than cookies, but i kinda think they're about equal. it seems like either could be intercepted by a sniffer and then used to spoof. but i'm no expert in that stuff...