jsessionid

I've got some strange bug: when I open page first time in some browser all references has jsessionid parameter (like <a href="/articles?name=art&jsessionid=5as45df4as5df"..> ). When I press F5 or refresh the page by any other ways all that stuff is disappeared and everything works fine until I close my browser (and all tabs should be closed too). When I open it again I see this strange jsessionid parameter. I use jstl <c:url..> tag for creating all URLs. I've read some time ago that jsessionid is an alternative to cookies if cookies are disabled, but cookies are enabled and I actually don't

I'm trying to manage sessions in Spring Security without leveraging cookies. The reasoning is - our application is displayed within an iframe from another domain, we need to manage sessions in our application, and Safari restricts cross-domain cookie creation . (context : domainA.com displays domainB.com in an iframe. domainB.com is setting a JSESSIONID cookie to leverage on domainB.com, but since the user's browser is showing domainA.com - Safari restricts domainB.com from creating the cookie). The only way I can think to achieve this (against OWASP security recommendations) - is to include

What's the best way to set an expiration date for the JSESSIONID cookie sent by Tomcat for a servlet session? By default, the expiration date of the cookie seems to be 'session', which means that the session disappears in the client as soon as the browser restarts. But I would like to keep it open for 12h, even after a browser restart (and would then configure the session timeout in the server accordingly). Is there any way to set an expiration date within Tomcat, e.g. using some configuration option or extension module? Or is there a reliable way to set an expiration date for JSESSIONID using

I have a requirement of having to run multiple tomcat server in single physical box. While accessing these from a browser, when user switches between the applications, it results in logging out the user previously access application. This is because of JSESSIONID cookie conflict. One possible solution is to run each applications in different context. Unfortunately, my applications will not work in context path setting as none of the resources are accessed with request.getContextPath() prepended in front. This leaves me to change the name of cookie JSESSIONID to resolve the conflict. Is there a