-
Improvement
-
Resolution: Won't Fix
-
Major
-
None
-
None
-
None
In case when the client doesn't include a cookie in the first request then jsessionid parameter is added into URL. see http://ocpsoft.org/support/topic/session-id-is-appended-as-url-path-parameter-in-very-first-request/
To avoid this behaviour tomcat server needs to be reconfigured:
- Tomcat 8 - in https://tomcat.apache.org/tomcat-8.0-doc/config/context.html set <Context sessionCookieName="SESSIONID" cookies="true">...</Context>
- Tomcat 7 (servlet 3.0) - in $CATALINA_HOME/conf/web.xml add <tracking-mode>COOKIE</tracking-mode> into <session-config>. see http://www.e-zest.net/blog/new-session-management-features-in-servlet-3-0/ or http://andrius.miasnikovas.lt/2010/07/whats-new-in-tomcat-7/
- Tomcat 6 - in $CATALINA_HOME/conf/context.xml <Context> needs to be changed to <Context disableURLRewriting="true">. see http://tomcat.apache.org/tomcat-6.0-doc/config/context.html#Attributes
Acceptance criteria
- is cloned by
-
MGNLEE-356 Reconfigure bundled tomcat to avoid adding JSESSIONID in the URL if client does not include a cookie
- Closed
- is related to
-
MAGNOLIA-4911 Sticky "jsessionid" URL parameter causes 404 right after login
- Closed
- mentioned in
-
Wiki Page Loading...