Hi, I have a few quesations i want to ask about jessionid in tomcat.
1. In our web based application which runs on HTTPS, we have observed that the jsessionid is being appended to the URL. On close examination, we have observed that this is being added by tomcat to the url (Handled by the encodeRedirectURL method in Response.java object in the tomcat sources). Why does tomcat do this? 2. Is it possible for this to be included in the response headers rather than in the URL? If possible, how can one go about doing this? Thanks in advance.
