Is it possible to disable jsessionid in tomcat servlet?
You can disable for just search engines using this filter, but I'd advise using it for all responses as it's worse than just search engine unfriendly. It exposes the session ID which can be used for certain security exploits (more info).
Tomcat 6 (pre 6.0.30)
You can use the tuckey rewrite filter.
Example config for Tuckey filter:
<outbound-rule encodefirst="true">
<name>Strip URL Session ID's</name>
<from>^(.*?)(?:\;jsessionid=[^\?#]*)?(\?[^#]*)?(#.*)?$</from>
<to>$1$2$3</to>
</outbound-rule>
Tomcat 6 (6.0.30 and onwards)
You can use disableURLRewriting in the context configuration to disable this behaviour.
Tomcat 7 and Tomcat 8
From Tomcat 7 onwards you can add the following in the session config.
<session-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
How to disable JSESSIONID cookie-based (and any else) session-tracking features in jetty 9?
With servlet 3 it is possible to set session tracking mode as a part of servlet registration - ServletContext#setSessionTrackingModes
... you can try that.
However in your case I would investigate who is calling HttpServletRequest#getSession(...)
. Put breakpoint in this method to see who is calling it. Some piece of code in your application is initializing session.
Related Topics
Bidirectional Multi-Valued Map in Java
Handling Soft-Deletes with Spring JPA
Is There an Equivalent of Java.Util.Regex for "Glob" Type Patterns
Updating UI from Different Threads in Javafx
How to Set Request Encoding in Tomcat
What Does an Exclamation Mark Mean in Java
Measure Execution Time for a Java Method
Differencebetween A.Getclass() and A.Class in Java
Can One Do a for Each Loop in Java in Reverse Order
Using Jasperreports with a Relative Path
Why Do We Assign a Parent Reference to the Child Object in Java
Synchronization of Non-Final Field
Should I Call Ugi.Checktgtandreloginfromkeytab() Before Every Action on Hadoop
How to Generate Cdata Block Using Jaxb
Convert Each Animated Gif Frame to a Separate Bufferedimage
How to Test Void Method with Junit Testing Tools
Choose Between Executorservice's Submit and Executorservice's Execute