[MAGNOLIA-5728] Reconfigure bundled tomcat to avoid adding JSESSIONID in the URL if client does not include a cookie Created: 25/Mar/14 Updated: 07/May/18 Resolved: 24/Apr/14 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major |
| Reporter: | Milan Divilek | Assignee: | Daniel Lipp |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | support | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
When the client doesn't include a cookie in the first request, the jsessionid parameter is added to the URL. See http://ocpsoft.org/support/topic/session-id-is-appended-as-url-path-parameter-in-very-first-request/ To avoid this behaviour, the Tomcat server needs to be reconfigured:
|
| Comments |
| Comment by Daniel Lipp [ 24/Apr/14 ] |
|
Our current setup will try to use cookies (the preferred, more secure way) and only fall back to jsessionid-in-url in case the browser used is configured to not accept cookies. If cookies are allowed, everything is fine - only if not do we run into another bug that results in "failed to load bootstrap js". By enforcing tracking-mode = cookie we would always run into that other bug, so we'd actually make things worse. The proper fix is to resolve the other bug. |
| Comment by Phong Le Quoc [ 07/May/18 ] |
|
From my testing, the item for Tomcat 8 is just to change the session name. We must also apply the fix from the item for Tomcat 7 in Tomcat 8 to remove jsessionid from the URL. |
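
As an added example (not part of the issue or Magnolia's code), this Python script reads a `web.xml` and reports whether the Servlet 3.0 `<tracking-mode>` settings discussed in the comments still allow the jsessionid-in-URL fallback. The sample descriptors are constructed, and treating an undeclared mode as cookie plus URL is an assumption matching the fallback behaviour described in the comments.

```python
import xml.etree.ElementTree as ET

# Assumption: with no <tracking-mode> declared, the container offers both
# cookie and URL tracking, as the fallback described in the comments implies.
CONTAINER_DEFAULT = frozenset({"COOKIE", "URL"})
# Values allowed by the Servlet 3.0 deployment descriptor (case-sensitive).
VALID_MODES = {"COOKIE", "URL", "SSL"}


def local(tag):
    """Drop the XML namespace so differently versioned descriptors parse alike."""
    return tag.rsplit("}", 1)[-1]


def effective_tracking_modes(web_xml_text):
    """Return the session tracking modes a web.xml asks the container for."""
    root = ET.fromstring(web_xml_text)
    declared = set()
    for node in root.iter():
        if local(node.tag) != "session-config":
            continue
        for child in node:
            if local(child.tag) == "tracking-mode":
                mode = (child.text or "").strip()
                if mode not in VALID_MODES:
                    raise ValueError(f"unknown tracking-mode: {mode!r}")
                declared.add(mode)
    return frozenset(declared) if declared else CONTAINER_DEFAULT


def url_rewriting_possible(web_xml_text):
    """True when ;jsessionid= may be appended to URLs for cookieless clients."""
    return "URL" in effective_tracking_modes(web_xml_text)


# Constructed sample descriptors, not taken from the Magnolia bundle.
DEFAULT_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <session-config><session-timeout>30</session-timeout></session-config>
</web-app>"""

COOKIE_ONLY_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <session-config><tracking-mode>COOKIE</tracking-mode></session-config>
</web-app>"""

if __name__ == "__main__":
    for name, text in (("default", DEFAULT_XML), ("cookie-only", COOKIE_ONLY_XML)):
        print(name, sorted(effective_tracking_modes(text)), url_rewriting_possible(text))
```

A cookie-only result means cookieless clients get no session at all, which is the trade-off raised in the first comment.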