How to disable URL rewriting for tracking session in Tomcat
Environment
- JBoss Web Server (JWS)
- 1.x
- 2.x
- 3.x
- Tomcat
- 5.5
- 6.0
- 7.0
Issue
- How to disable the use of URL rewriting for identifier to tracking session in Tomcat
Resolution
Tomcat 7.0
As per Servlet 3.0 spec, you can use
<session-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
Tomcat 6.0
If you use Tomcat 6.0.30 onwards included in JWS 1.0.2 or later, you can disable support for URL rewriting, set "disableURLRewriting" attribute to true in your web application's META-INF/context.xml. This functionality is also included in RHEL 6.8's tomcat6-6.0.24-95 and later.
<Context disableURLRewriting='true' ..(snip).. >
<!-- other settings -->
</Context>
If you use the older versions than Tomcat 6.0.30 or tomcat6-6.0.24-95 on RHEL 6.8, there's no configuration to disable URL rewriting. However, as workaround, you can remove the jsessionid from URLs by using custom servlet filter. Please refer to <https://access.redhat.com/solutions/16169> for details. Of course, this filter approach can also be used in Tomcat 6.0.30 onwards instead of the above setting.
Tomcat 5.5
As well as the older versions than Tomcat 6.0.30, there's no configuration in Tomcat 5.5. So, you can use custom servlet filter approach to remove the jsessionid from URLs . Please refer to <https://access.redhat.com/solutions/16169> for details.
Root Cause
This content is not included.https://bugzilla.redhat.com/show_bug.cgi?id=1221877
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.