How to prevent the JSESSIONID showing in the URL [duplicate]

This question already has answers here:

How to prevent adding jsessionid at the end of redirected url (1 answer)

Is it possible to disable jsessionid in tomcat servlet? (8 answers)

Closed 2 years ago.

I have created an login page in servlet using Google Datastore, it is working fine. but sometimes its showing the JSESSIONID in the URL.

How can I prevent the JSESSIONID sending through the URL? why its passing through the URL instead of request message?

Add the following entry in your web.xml.

<session-config>
    <tracking-mode>COOKIE</tracking-mode>
</session-config>

This will instruct the container that the client supports cookies and hence there is no need to put the JSessionId in the URL.

Are you using response.encodeURL()? If so, try to remove it or disable "URL Rewriting" and check the URL.

See also:

Apache Tomcat Configuration Reference

Additional information:

response.encodeURL(URL) adds ;jsessionid=xxxx... to URL. To disable this(="URL Rewriting"),

Tomcat 7.0 or later:

<session-config>
  <tracking-mode>COOKIE</tracking-mode>
</session-config>

Tomcat 6.0:

<Context disableURLRewriting="true" ...

来源：https://stackoverflow.com/questions/44673490/how-to-prevent-the-jsessionid-showing-in-the-url

标签

易学教程内所有资源均来自网络或用户发布的内容，如有违反法律规定的内容欢迎反馈！
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!