How do i prevent the session id being passed between client and server via URL query string?

StackOverflow https://stackoverflow.com/questions/15516686

Question

How do i prevent the session id being passed between client and server via URL query string? I dont want the session identifier to be passed over the URL query string. How do i ensure this? Any help would be appreciated. Thanks Praveenkumar

Was it helpful?

Solution

You can configure how your container tracks the session using your web.xml. Just add this to enforce cookies:

<session-config>
  <tracking-mode>COOKIE</tracking-mode>
</session-config>

But please not that if you force your container to use cookies, you will break session handling for users that don't have cookies enabled.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top