How do I remove the jsessionid from URLs in JBoss EAP?

Solution Verified - Updated -

Issue

  • For security or other requirements at times there is a need to remove the jsessionid completely from any generated URLs. The default behaviour of the servlet container is to pass the jsessionid via the URL and a cookie on the first request that accesses the session. In that case, if the client rejects the cookie, or cookies are not enabled, the session can still be tied to the request via the jsessionid in the URL.
  • How to remove jsessionid from the URL

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 4.x
    • 5.x
    • 6.x
    • 7.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In