Re: How to avoid session Id from browser URL?

Splash Forums PrettyFaces Users How to avoid session Id from browser URL? Re: How to avoid session Id from browser URL?

#23117

Your servlet container adds the jsessionid parameter to the URL if the container thinks, that the browser may not allow cookies. This is typically the case for the first request for which the client doesn’t include a cookie.

You can configure your servlet container to only use cookies for session identification. But doing this will break all clients that don’t allow cookies:

<session-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>

See:

http://www.e-zest.net/blog/new-session-management-features-in-servlet-3-0/