jsessionid passed in url if cookie and jsessionid stored by browser

Question

My web application was passing jsessionid in URL while it was using cookie base session management in other browser and machine which is desired behavior.

To fix this issue, I deleted stored cookie and jsessionid from locale storage and then it start using cookie base session management instead of URL rewriting.

Can someone explain why this is happening, stored cookie and jsessionid stopping application to use cookie base management.I need only cookie base session management in application how I can do that.

Environment:

Chrome browser, Struts 2,Tomcat 7,Java 8

Thank in advance.

Answer 1

jsessionid is special cookie used by Java application/web server to track user's session (to recognize user is old user eg. who has already logged in). For the first request to the server there will not be any cookies sent by the browser. So, server do not know whether the client supports cookie or not. For this server sends the jsessionid in cookie and in URL (URL Rewriting). But for the next request onwards the cookie will be available (from the previous request browser will store the cookie sent by the server and for the same context now it knows there is already it has cookie, so send it). That is why for next request onward you do not see jsessionid in URL. To force the server only use COOKIE based tracking, you will have add below fragment in web.xml

<session-config>
  <!-- Only cookie based tracking -->
  <tracking-mode>COOKIE</tracking-mode>
</session-config>