You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomee.apache.org by mikeg <ga...@yahoo.com> on 2015/03/09 15:14:53 UTC

jsessionid is not being removed from requests

Hi,
we are using Tomcat 7 with apache in front of it. and we defined to rely on
cookies only for tracking jessionid.

 here is what defined
     in web.xml
     <session-config id="SessionConfig_1">
            <tracking-mode>COOKIE</tracking-mode>
        </session-config>

    and in security spring xml file
          <security:http disable-url-rewriting="true">

but
    we are still seeing requests with jsessionid appended to uri

     on top of this 

           any request that is going back to the server with jsessionid
appended like 
/something.jsp;jsessionid =13244

       fails on the server side because jsessioind is not being stopped out 
before Spring is trying to find a 'View' corresponding to that request so it
obviously fails to find the right view and 404s

   Question:
         1. Why are we still seeing uri with jsessionid appended
         2. Why jsessionid is not removed by Web container before looking up
the view for uri
                 Same Code works fine with JBoss and 'View' is found (i.e
jessionid is removed before looking up 
                 view)



--
View this message in context: http://tomee-openejb.979440.n4.nabble.com/jsessionid-is-not-being-removed-from-requests-tp4673992.html
Sent from the TomEE Dev mailing list archive at Nabble.com.