What Causes Session Id To Be Generated

jfrosch Mar 4, 2004 7:22 PM

I've got a web application that is generating a session ID, as indicated by a rewritten URL. However, the app doesn't use any HttpSession references in the code.

I don't recall this behavior in earlier web apps I've done, so now I'm wondering if there are any JBoss/Tomcat configuration settings that might be causing sessions to be generated?

This isn't a show stopper, just a minor annoyance.

TIA

Jack

1. Re: What Causes Session Id To Be Generated

oz59 Mar 5, 2004 12:27 PM (in response to jfrosch)

Greetings.

If the app makes use of JSPs, then there's your answer.

session is a JSP implicit object.

cheers.
Actions
2. Re: What Causes Session Id To Be Generated

jfrosch Mar 6, 2004 1:04 PM (in response to jfrosch)

>> session is a JSP implicit object.

Of course!

Now I'm wondering why I'm noticing this behavior now and now before. The session id is not only showing up in the address bar, but the generated HTML code from the JSP has the session id appended to URLS everywhere in the page. Except for the rewriiten URL in the address bar, the user doesn't see these rewrites on the page without viewing source, but it bugs me anyway.

Could this behavior be because cookies are not being accepted by the browser? I'm using Mozilla 1.6 with cookies setting at "Enable cookies for the originating web site only" and I'm seeing this on a localhost instance of the app.

Thanks for your response.

Jack
Actions
3. Re: What Causes Session Id To Be Generated

ipojman Mar 6, 2004 1:26 PM (in response to jfrosch)

Yes - a servlet container should support the lowest common denominator of session tracking, which is url rewriting. (support for browsers without cookies)
Actions

Go to original post