Cookie vs jsessionid url token precedence
ho开发者_StackOverflow社区w is it with Set-Cookie: VS jsessionid url token
precedence ?
Apache Tomcat just seem to ignore the token if cookie is set. Isn't it a little inconvenient behavior ? Or is it like this because of security reasons ?
this is the url of the request in servlet
....someParam=addFile;jsessionid=7A6ECCF009D4855821BCB45E0B744A7B'
and ID of the resulting Session corresponds to the cookie request header param...
This means, that it screws up handling of the request. For instance Spring-mvc resolves
someParam
value to addFile;jsessionid=7A6ECCF009D4855821BCB45E0B744A7B'
and it crashes with exception...
As per the Servlet 2.4 specification, URL re-writing is the lowest denomination of session tracking so I'm not surprised that jsessionid
in the URL is ignored for clients who are accepting cookies. Read the section 7.1 for relevant details (i.e. session tracking).
As far as your updated question is concerned (Spring MVC related), there are a lot of articles/techniques out there which mention how to do away with the excessive baggage of ;jsessionid
in your URL by stripping them off using a filter or by using mod_rewrite. Do a google search for "jsessionid in url" and read through the links which follow.
精彩评论