How do I remove the jsessionid from URLs in JBoss EAP?

Solution Verified - Updated -


  • For security or other requirements at times there is a need to remove the jsessionid completely from any generated URLs. The default behaviour of the servlet container is to pass the jsessionid via the URL and a cookie on the first request that accesses the session. In that case, if the client rejects the cookie, or cookies are not enabled, the session can still be tied to the request via the jsessionid in the URL.
  • How to remove jsessionid from the URL


  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 4.x
    • 5.x
    • 6.x
    • 7.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content