How to avoid session Id from browser URL?

Splash Forums PrettyFaces Users How to avoid session Id from browser URL?

This topic contains 5 replies, has 2 voices, and was last updated by  Christian Kaltepoth 4 years, 7 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #18816

    Carolina
    Member

    Hi Pretty,

    I am getting session Id which is appending to the URL. How to avoid the session ids in URL rewriting?

    It should not show only in browser URL any solution for this?

    Thanks,

    Vishwa

    #23117

    Your servlet container adds the jsessionid parameter to the URL if the container thinks, that the browser may not allow cookies. This is typically the case for the first request for which the client doesn’t include a cookie.

    You can configure your servlet container to only use cookies for session identification. But doing this will break all clients that don’t allow cookies:

    <session-config>
    <tracking-mode>COOKIE</tracking-mode>
    </session-config>

    See:

    http://www.e-zest.net/blog/new-session-management-features-in-servlet-3-0/

    #23118

    Carolina
    Member

    Thank you Christian, for your prompt answer,

    However application using cookie as well for user cookies tracking (User behavior tracking purpose).

    In this case I need to use cookies as well as to avoid session Id in browser URL.

    Is there any work around?

    #23119

    The configuration I proposed will only disable session tracking via the URL (jsessionid). So cookies will still keep working. That’s what you want to achieve, or did I misunderstand you?

    #23120

    Carolina
    Member

    Nope, not misunderstood,

    Only I am bothering about your following statement.

    You can configure your servlet container to only use cookies for session identification. But doing this will break all clients that don’t allow cookies:

    #23121

    Sure, if a browser doesn’t allow/support cookies, the servlet container typically falls back to appending jsessionid to the URL. If you configure the servlet container to don’t behave this way (because you don’t want jsessionid in your URL), the container will of cause not be able to track sessions for such users anymore.

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

Comments are closed.