Richard, there are two ways of maitaining sessions: 1) Using cookies (generally Tomcat's preferred way); 2) Using URL rewriting (generally Tomcat's less preferred way, used where a client has turned off cookies).
There are no other ways of sending session IDs that are supported by all Web browsers across all content types, though I could conceive of some extra ones if you were using AJAX. Remember that the browser has to know to send the session ID back to the server with the next request; this can only be done using cookies or some feature of the URL. All that said, I'm surprised Tomcat isn't using cookies in your case. Have you turned them off in the browser? Have you turned on the use of URL rewriting in the webapp's config? - Peter On 21 May 2010 16:06, Richard Nduka <richies4...@gmail.com> wrote: > Hi, > > I have a few quesations i want to ask about jessionid in tomcat. > > 1. In our web based application which runs on HTTPS, we have observed that > the jsessionid is being appended to the URL. On close examination, we have > observed that this is being added by tomcat to the url (Handled by the > encodeRedirectURL method in Response.java object in the tomcat sources). > Why > does tomcat do this? > > 2. Is it possible for this to be included in the response headers rather > than in the URL? If possible, how can one go about doing this? > > Thanks in advance. >
