Why is my session id in my url?
Solution 1
This is standard JavaEE behavior, and is dictated and controlled by the servlet container. It has nothing to do with Spring.
See this previous question to find out why and when it gets created, and how to avoid it.
Solution 2
I didn't see this answer in the other question so I wanted to explain it. The way sessions work in java and I think php, is when the client first comes it, it creates a cookie and appends JESSIONID to all the urls that used <c:url/> tag. The reason it does this is because the first time the client visits the page, the server has no idea if the client supports cookies. So it does both. Next time, since it sees the cookie, it will actually not use URLs anymore because it knows cookies worked.
There is a lot of ways to disable this. If you are not using sessions at all then you can disable cookies by putting cookies=false in context.xml. This only disables cookies for the session and not regular cookies. You can then use urlrewrite to stip the sessionid.
Hope that helps.
Samo
I'm a software consultant in the twin cities, specializing in Ruby on Rails, PostgreSQL, and JavaScript. I also play blues, jazz, and klezmer saxophone and enjoy a chess game on occasion. I spend most of my off time with my wife and kids.
Updated on June 04, 2022Comments
-
Samo almost 2 years
So I went through the steps to build a basic roo application here: http://static.springsource.org/spring-roo/reference/html/beginning.html
I started up my server and started playing with the app, couldn't help but notice that there's a 'jsessionid' in my url:
http://localhost:8080/pizzashop/pizzas;jsessionid=0A8EA5D9E8665C8AC80F141C3818F6BA?form
I don't care for this at all! Why does it need a session id in the URL? Can I get rid of this? It does not seem RESTful to have this there.
-
BalusC over 13 yearsHow to avoid it without disabling the session is answered here.
