Configure WildFly/Undertow to put JSESSIONID on URL if cookies not accepted

Question

We previously used JBoss 7.1.2 and utilized the behaviour that JSESSIONID is put on the URL as a fallback if cookies are not accepted or if the JSESSIONID cookie is not present in requests.

After migrating to WildFly 8.2.0 / Undertow 1.1.0 this URL rewrite is not happening.

Is it possible to configure WildFly/Undertow to put JSESSIONID on URLs as a fallback? We are aware of the possibility to put session-config in web.xml, e.g.:

<session-config>
  <tracking-mode>URL</tracking-mode>
</session-config>

But we only want JSESSIONID on URLs as a fallback solution.

Answer 1

To use cookie based session-tracking if available and URL based session-tracking as a fallback you should configure your deployment descriptor web.xml like this:

<web-app ...>
  <session-config>
    <tracking-mode>COOKIE</tracking-mode>
    <tracking-mode>URL</tracking-mode>
  </session-config>
</web-app>

Note, that you need at least servlet 3.0 specification!

Unfortunately there is a bug (UNDERTOW-396) in Wildfly/Undertow that prevents the fallback from being used. That bug has been marked as fixed for Undertow 1.2.0-Beta10, but Wildfly 8.1.0.Final and 8.2.Final both use older versions. So currently you'd probably need to update Undertow in your Wildfly installation to get the fix.

Here is another useful blog-post on this topic.

Update: Wildfly 9.0.2.Final uses Undertow 1.2.9, so this should be working again (not yet tested).