Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-users] Disable URL Rewriting

(Sorry for the encoded message spam. This is the original message.)


because URL Rewriting is not very secure (see, I tried to completely disable it, but without success.
I understand and accept that clients not supporting Cookies won't be able to use my site.

I use jetty 9.0.5 and configure everything through a ServletContextListener. This is the relevant Code:


As I understand it, this should disable URL Rewriting, but on the first POST-request using a session, the redirect url is rewritten to include the jsessionid parameter.

I also tried:


but to no avail.

Right now I use a servlet filter to circumvent this behaviour.

My question is: Is this the expected behaviour? If yes, is there a more elegant standard way to only use cookies for session tracking?
I did not check the behaviour of tomcat, maybe that's worth investigating?

Thank you very much in advance :)

Back to the top