URL sometimes appended with jsessionid Grails / Spring Security

Question

Sometimes Spring Security appends a jsessionid to the end of my URL. Wouldn't bother me so much if it happened all the time or never, but it seems almost random. I'm wondering why this is happening and if it has anything to do with remember me not working correctly with LDAP?

http://localhost:8080/myapplication/login/auth;jsessionid=A07D52CB78DB999947F3EED1917D60F6

Answer 1

JSESSIONID is created by tomcat (or other web container, see docs), it's not from Spring Security. JSESSIONID is the unique id of the http session, used at situation when application uses session (put/read some data from sesson during request), but there're no session cookie exists. At this case server trying both ways: setup cookie and append parameter to all links.

Mostly it's because:

• first request from browser (no cookie at all)
• browser has sent invalid sessionid (for example when server was restarted, and existing session became invalid)

And during such request session was used on server side (and was created new session).

PS I'm not sure that it can be related to LDAP auth issue