Is it possible to turnoff jsessionid in the url in tomcat? the jsessionid seems not too search engine friendly.
Set sessionManager. sessionIdUrlRewritingEnabled = false to disable appending JSESSIONID to the URL. NOTE: if a user has disabled cookies, they will NOT be able to login if this is disable.
You want to set MaxAge to 0 instead. From the [API documentation][1]: A negative value means that the cookie is not stored persistently and will be deleted when the Web browser exits. A zero value causes the cookie to be deleted.
JSESSIONID is a cookie generated by Servlet containers like Tomcat or Jetty and used for session management in the J2EE web application for HTTP protocol.
The JSESSIONID is used to ensure that loadbalancers properly route communications to and from the correct client/server partners. By default, Oracle Forms requests a JSESSIONID be generated and maintained in the URL of each exchange between the client and server.
You can disable for just search engines using this filter, but I'd advise using it for all responses as it's worse than just search engine unfriendly. It exposes the session ID which can be used for certain security exploits (more info).
Tomcat 6 (pre 6.0.30)
You can use the tuckey rewrite filter.
Example config for Tuckey filter:
<outbound-rule encodefirst="true"> <name>Strip URL Session ID's</name> <from>^(.*?)(?:\;jsessionid=[^\?#]*)?(\?[^#]*)?(#.*)?$</from> <to>$1$2$3</to> </outbound-rule>
Tomcat 6 (6.0.30 and onwards)
You can use disableURLRewriting in the context configuration to disable this behaviour.
Tomcat 7 and Tomcat 8
From Tomcat 7 onwards you can add the following in the session config.
<session-config> <tracking-mode>COOKIE</tracking-mode> </session-config>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With