jsessionid

Changing cookie JSESSIONID name

妖精的绣舞 提交于 2019-11-26 19:42:00
问题 I have a requirement of having to run multiple tomcat server in single physical box. While accessing these from a browser, when user switches between the applications, it results in logging out the user previously access application. This is because of JSESSIONID cookie conflict. One possible solution is to run each applications in different context. Unfortunately, my applications will not work in context path setting as none of the resources are accessed with request.getContextPath()

Is it possible to disable jsessionid in tomcat servlet?

谁都会走 提交于 2019-11-26 12:43:46
Is it possible to turnoff jsessionid in the url in tomcat? the jsessionid seems not too search engine friendly. Pool You can disable for just search engines using this filter, but I'd advise using it for all responses as it's worse than just search engine unfriendly. It exposes the session ID which can be used for certain security exploits ( more info ). Tomcat 6 (pre 6.0.30) You can use the tuckey rewrite filter . Example config for Tuckey filter: <outbound-rule encodefirst="true"> <name>Strip URL Session ID's</name> <from>^(.*?)(?:\;jsessionid=[^\?#]*)?(\?[^#]*)?(#.*)?$</from> <to>$1$2$3</to

Is it possible to disable jsessionid in tomcat servlet?

核能气质少年 提交于 2019-11-26 03:06:19
问题 Is it possible to turnoff jsessionid in the url in tomcat? the jsessionid seems not too search engine friendly. 回答1: You can disable for just search engines using this filter, but I'd advise using it for all responses as it's worse than just search engine unfriendly. It exposes the session ID which can be used for certain security exploits (more info). Tomcat 6 (pre 6.0.30) You can use the tuckey rewrite filter. Example config for Tuckey filter: <outbound-rule encodefirst="true"> <name>Strip
订阅 jsessionid