I have few JSPs for which jsessionIds are getting appended in the URL, there are different ways to remove the jsessionId from the URL. What is the best possible solution. I am using weblogic. If the cookies are not enabled or cleared by the user , we need jsessionId for tracking , but if we remove jsessionId also then whether it will be a problem as there wont be any way to track the user (both cookie and session wont be there) ? Also for secure HTTPS url jsessionId is needed? and will be created still by the container? Please clarify.
Thanks, if i enable the cookies in weblogic.xml, if the user clears the cookie in his browser what will happen? whether still the Cookie will be enabled as we are removing all the jsessionId? please clarify.
If a user removes all his cookies, including the session cookie, then WebLogic will not recognise an existing session for the next request. It's up to your application to determine what to. Probably the user needs to login again.
Thanks, is there any other option other than the application prompting user to login again to track the user session? I understand that if both cookie and session cookie are removed the only way is to ask the user to login? Is there any other alternative
If the user removed his session id cookie, there is no chance your application can identity this user accurately. You can't use the IP address because the user may share his Internet connection with others (e.g. in companies, or even home networks).