Bug 50305 - Provide an option to disable session tracking with URL
Summary: Provide an option to disable session tracking with URL
Status: RESOLVED DUPLICATE of bug 49811
Alias: None
Product: Tomcat 7
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 7.0.4
Hardware: All All
: P2 enhancement (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2010-11-19 17:03 UTC by Sylvain Laurent
Modified: 2010-11-20 14:06 UTC (History)
0 users

Patch for tc7 (3.78 KB, patch)
2010-11-19 18:00 UTC, Sylvain Laurent
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Sylvain Laurent 2010-11-19 17:03:08 UTC
For internal (non-public) applications, where we know that all users browsers support cookies, there's no need for URL rewriting to track sessions. 

Furthermore having sessionID in the URLs has the following drawback : the first returned page contains URLs that reference static resources (images, CSS, JS...) with the session ID, but the following pages contain the same URL without the sessionID. Thus those resources are downloaded twice instead of once.

This option should be disabled by default since it is not spec compliant.

Proposition :
<Context disableUrlSessionTracking="true" >
Comment 1 Sylvain Laurent 2010-11-19 18:00:12 UTC
Created attachment 26322 [details]
Patch for tc7

Proposed patch for tc7.

Note that this feature is not useful for servlet 3 webapps since this can be configured in web.xml.

I'd like to backport this to tc6.
Comment 2 Konstantin Kolinko 2010-11-20 13:07:39 UTC
It is already implemented in TC6. See bug 49811 and
Comment 3 Sylvain Laurent 2010-11-20 14:06:39 UTC
Sorry I missed that one. So the functionality is in tc6 but not in tc7 ? weird... 

This means that users have to upgrade to servlet 3 to set the session tracking mode...

*** This bug has been marked as a duplicate of bug 49811 ***