Hello Konstantin Kolinko,
I fixed my dumb web.xml schema declaration. Thanks for pointing that out.
I also added the COOKIE tracking mode to the example servlet and it worked
there (the URL encoded link did not contain the JSESSIONID).
So, next I turned on logEffectiveWebXml="true" and verified that the effective
web.xml for both of my wars contains:
<session-config>
<session-timeout>30</session-timeout>
<cookie-config>
</cookie-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
But the first time I hit the web app, I'm still getting JSESSIONID in the URL.
Then I turned on Strict Compliance to wring out any other errors in my web.xml
that might be causing the problem. It found some problems in the Tag
Library tld files and fixed those, but that had no effect on JSESSIONID in the
URL. I have no further errors in Catalina log or any other logs files.
At this point, I'm not sure what else I should try to debug the problem.
Any suggestions would be appreciated.
Sincerely,
Stephen McCants
On Tue, 18 Nov 2014 03:17:27 +0300
Konstantin Kolinko <knst.koli...@gmail.com> wrote:
> 2014-11-18 2:49 GMT+03:00 Stephen McCants <stephen.mcca...@hcs.us.com>:
> > Hello,
> >
> > I'm trying to remove the JSESSIONID from my URL the first time someone hits
> > my Tomcat Web App, but I've not been able to get it working for some
> > reason that eludes me. This is under Tomcat 7.0.37 and Tomcat 7.0.56.
> >
> > First thing I tried was to add session-config/tracking mode to my web.xml,
> > resulting in:
> >
> > <?xml version="1.0" encoding="ISO-8859-1"?>
> > <!DOCTYPE web-app PUBLIC
> > "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
> > "http://java.sun.com/dtd/web-app_2_3.dtd";>
> > <web-app xmlns="http://java.sun.com/xml/ns/javaee";
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> > xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
> > http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd";
> > version="3.0">
>
> You are declaring both 2.3 DTD and 3.0 schema.
> Choose one.
>
> There exists a system property that turns on "strict servlet
> compliance mode". If you use it, it enables validation of your web.xml
> and will catch silly errors like this one.
>
> http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Specification
>
> > <session-config>
> > <tracking-mode>COOKIE</tracking-mode>
> > </session-config>
>
> If I add the above three lines to the web.xml of examples webapp, it
> works for me.
>
> http://localhost:8080/examples/servlets/servlet/SessionExample
> On the first visit to that example page look at "URL encoded" link at
> the bottom of the page, whether it contains jsessionid in it or not.
>
> Best regards,
> Konstantin Kolinko
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
----------
Stephen McCants
Senior Software Engineer
Healthcare Control Systems, Inc.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
