Two Laptop Bag
The moose likes Tomcat and the fly likes Unwanted jsessionid in url Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Unwanted jsessionid in url" Watch "Unwanted jsessionid in url" New topic

Unwanted jsessionid in url

David Clarke

Joined: Jan 02, 2008
Posts: 11
Kia ora,

I have a struts2 application hosted in tomcat 5.5.25 on port 8080. I use proxy_ajp to forward requests from Apache port 443 to the application. When I browse to port 8080 my app behaves the way I expect and the jsessionid is set as a cookie. But when I connect via Apache/SSL and post a form, the address gets appended with e.g. ;jsessionid=7608ABE8DE3A4D9784DBF837B6223903. So somewhere between Apache and Tomcat the session id is being encoded into the url. Is there any way to avoid this occurring?

I agree. Here's the link:
subject: Unwanted jsessionid in url
It's not a secret anymore!