Why jsessionid is appended to each url?

Question

I am deploying an app using the Spring framework on the Apache Tomcat. When running the application from Tomcat directly, there's no jsessionid appended to any URL at all, but after mapping the application to the domain, and trying to run it, I got a jsessionid appended to each URL in the application. I tried the Spring security attribute disable-url-rewriting but it doesn't work; it removes the jsessionid from the URL but the application doesn't work any more and the user cannot login.

So I guess it's another problem. Any ideas why this happens or how to solve it?

score 8 · Answer 1 · answered Aug 19 '10 at 13:01

8

Fixed in Spring Security 3 https://jira.springsource.org/browse/SEC-1052

answered Aug 19 '10 at 13:01

jpse

229
2
9

score 0 · Answer 2 · answered May 08 '10 at 17:58

0

by any chance, cookies are disabled for the "domain"?

answered May 08 '10 at 17:58

Vivek Athalye

2,869
2
21
31

score -1 · Answer 3 · answered May 09 '10 at 10:09

-1

If tomcat is behind a proxy, you have to make sure it runs on the same domain.

answered May 09 '10 at 10:09

Kdeveloper

13,209
11
38
48

Why jsessionid is appended to each url?

3 Answers3

Linked