Is it possible to disable jsessionid in tomcat servlet?

Answer

You can disable for just search engines using this filter, but I'd advise using it for all responses as it's worse than just search engine unfriendly. It exposes the session ID which can be used for certain security exploits (more info).

Tomcat 6 (pre 6.0.30)

You can use the tuckey rewrite filter.

Example config for Tuckey filter:

<outbound-rule encodefirst="true"><name>Strip URL Session ID's</name><from>^(.*?)(?:\;jsessionid=[^\?#]*)?(\?[^#]*)?(#.*)?$</from><to>$1$2$3</to></outbound-rule>

Tomcat 6 (6.0.30 and onwards)

You can use disableURLRewriting in the context configuration to disable this behaviour.

Tomcat 7

From Tomcat 7 onwards you can add the following in the session config.

<session-config><tracking-mode>COOKIE</tracking-mode></session-config>

All tomcat Questions

Ask your interview questions on tomcat

Write Your comment or Questions if you want the answers on tomcat from tomcat Experts
Name* :
Email Id* :
Mob no* :
Question
Or
Comment* :
 





Disclimer: PCDS.CO.IN not responsible for any content, information, data or any feature of website. If you are using this website then its your own responsibility to understand the content of the website

--------- Tutorials ---