You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomee.apache.org by mikeg <ga...@yahoo.com> on 2015/03/09 15:14:53 UTC
jsessionid is not being removed from requests
Hi,
we are using Tomcat 7 with apache in front of it. and we defined to rely on
cookies only for tracking jessionid.
here is what defined
in web.xml
<session-config id="SessionConfig_1">
<tracking-mode>COOKIE</tracking-mode>
</session-config>
and in security spring xml file
<security:http disable-url-rewriting="true">
but
we are still seeing requests with jsessionid appended to uri
on top of this
any request that is going back to the server with jsessionid
appended like
/something.jsp;jsessionid =13244
fails on the server side because jsessioind is not being stopped out
before Spring is trying to find a 'View' corresponding to that request so it
obviously fails to find the right view and 404s
Question:
1. Why are we still seeing uri with jsessionid appended
2. Why jsessionid is not removed by Web container before looking up
the view for uri
Same Code works fine with JBoss and 'View' is found (i.e
jessionid is removed before looking up
view)
--
View this message in context: http://tomee-openejb.979440.n4.nabble.com/jsessionid-is-not-being-removed-from-requests-tp4673992.html
Sent from the TomEE Dev mailing list archive at Nabble.com.