[MGNLEE-356] Reconfigure bundled tomcat to avoid adding JSESSIONID in the URL if client does not include a cookie Created: 25/Mar/14  Updated: 24/Apr/14  Resolved: 24/Apr/14

Status: Closed
Project: Magnolia DX Core
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major
Reporter: Milan Divilek Assignee: Daniel Lipp
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Cloners
clones MAGNOLIA-5728 Reconfigure bundled tomcat to avoid a... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Date of First Response:

 Description   

In case when the client doesn't include a cookie in the first request then jsessionid parameter is added into URL. see http://ocpsoft.org/support/topic/session-id-is-appended-as-url-path-parameter-in-very-first-request/

To avoid this behaviour tomcat server needs to be reconfigured:



 Comments   
Comment by Daniel Lipp [ 24/Apr/14 ]

Our current setup will try to use cookies (the preferred, more secure way) and only fallback to jsessionid-in-url in case the used browser is configure to not accept cookies. If cookies are allowed everything is fine - only if not we run into another bug that results in that "failed to load bootstrap js". By enforcing tracking-mode = cookie we would always run into that other bug so we'd actually make things worse. The proper fix is to resolve the other bug.

Generated at Mon Feb 12 05:29:09 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.