I have a struts2 application hosted in tomcat 5.5.25 on port 8080. I use proxy_ajp to forward requests from Apache port 443 to the application. When I browse to port 8080 my app behaves the way I expect and the jsessionid is set as a cookie. But when I connect via Apache/SSL and post a form, the address gets appended with e.g. ;jsessionid=7608ABE8DE3A4D9784DBF837B6223903. So somewhere between Apache and Tomcat the session id is being encoded into the url. Is there any way to avoid this occurring?