1 Reply Latest reply on Dec 16, 2007 10:01 AM by Alex Titov

    Disable cookies for session tracking on server side

    Rob Conaway Newbie

      I am trying to disable the use of cookies for session tracking. I have tried with both JSF and with a simple JSP page. I am using JBoss 4.2.1.

      I have tried changing the file
      .../server/default/deploy/jboss-web-deployer/context.xml as follows:

      <Context cookies="false" crossContext="false">
       ...
      </Context>
      


      I have tried copying the above context.xml into my web app's WEB-INF directory. None of these work. The only way I can get the server to stop using a session cookie is to disable cookies on the browser.

      I need to disable cookies because I must support multiple browsers/tabs on the same client PC. With cookies, there is no way to distinguish the two client-side sessions because they will both use the same session tracking cookie.

      I know I have done this before with Tomcat, but I'm missing something obvious here for JBoss. I'd appreciate any help.

      Here is a simple JSP page I have used for testing. When I turn cookies off on the browser, the session id shows up in the URL as expected.
      <html>
       <%
       Integer counter = (Integer) session.getAttribute("counter");
       if (counter == null) {
       counter = new Integer(0);
       }
       counter = new Integer(counter.intValue() + 1);
       session.setAttribute("counter", counter);
       %>
       Counter = <%= counter %>
       <br/>
       <a href=<%= response.encodeURL("test.jsp") %>>Click Me</a>
      </html>
      


      Rob Conaway