Bug 50305

Summary: Provide an option to disable session tracking with URL
Product: Tomcat 7 Reporter: Sylvain Laurent <slaurent>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED DUPLICATE    
Severity: enhancement    
Priority: P2    
Version: 7.0.4   
Target Milestone: ---   
Hardware: All   
OS: All   
Attachments: Patch for tc7

Description Sylvain Laurent 2010-11-19 17:03:08 UTC 
For internal (non-public) applications, where we know that all users browsers support cookies, there's no need for URL rewriting to track sessions. 

Furthermore having sessionID in the URLs has the following drawback : the first returned page contains URLs that reference static resources (images, CSS, JS...) with the session ID, but the following pages contain the same URL without the sessionID. Thus those resources are downloaded twice instead of once.

This option should be disabled by default since it is not spec compliant.

Proposition :
<Context disableUrlSessionTracking="true" >
Comment 1 Sylvain Laurent 2010-11-19 18:00:12 UTC 
Created attachment 26322 [details]
Patch for tc7

Proposed patch for tc7.

Note that this feature is not useful for servlet 3 webapps since this can be configured in web.xml.

I'd like to backport this to tc6.
Comment 2 Konstantin Kolinko 2010-11-20 13:07:39 UTC 
It is already implemented in TC6. See bug 49811 and
http://svn.apache.org/viewvc?rev=1027196&view=rev
Comment 3 Sylvain Laurent 2010-11-20 14:06:39 UTC 
Sorry I missed that one. So the functionality is in tc6 but not in tc7 ? weird... 

This means that users have to upgrade to servlet 3 to set the session tracking mode...

*** This bug has been marked as a duplicate of bug 49811 ***