Hi,
I have two applications:
One of them generates a session ID, executes some process, and in some situations, forwards to a jsp in another web application. I do this as a pluggable templating system. In this JSP I do some things, and return the requested page to the user, but although I do a encodeURL for every link in the page, jsessionid is not introduced in the urls.
Looking at the code, I have seen this (org.apache.catalina.connector.Response), line 1413, method doIsEncodeable(req,res)
String contextPath = getContext().getPath(); if (contextPath != null) { String file = url.getFile(); if ((file == null) || !file.startsWith(contextPath)) return (false); if( file.indexOf(";jsessionid=" + session.getIdInternal()) >= 0 ) return (false); }