how to remove jsessionid in the url (Java)?

Question

I need help, how can I hide the jsessionid from the url? Use jboss 5.0 and web app version 2.5. In the context on jboss I have

SessionCookie secure = "true"

httpOnly = "true"

Can you help me? "secure" and "httpOnly" must remain set to true

Exmple url : http://localhost:8080/actionMenuGeneral.do;jsessionid=EA9073194BEDF67C16BEE48600B97737

Thank you

score 0 · Answer 1 · answered Dec 11 '17 at 19:12

0

Change the following in application's web.xml

<session-config>
    <session-timeout>60</session-timeout>
    <cookie-config>
        <http-only>true</http-only>
        <secure>true</secure>
    </cookie-config>
    <tracking-mode>COOKIE</tracking-mode>
</session-config>

More details at https://access.redhat.com/solutions/338313

answered Dec 11 '17 at 19:12

Vel

747
3
10
24

I added the tags, but the following error appears: cvc-complex-type.2.4.d: Invalid content was found starting with element 'cookie-config'. No child element is expected at this point. – Andrea F. Dec 12 '17 at 09:22
Check here https://stackoverflow.com/questions/18536503/web-xml-validation-in-weblogic-throws-error-because-of-cookie-config – Vel Dec 12 '17 at 14:34

how to remove jsessionid in the url (Java)?

1 Answers1