How do i prevent the session id being passed between client and server via URL query string? I dont want the session identifier to be passed over the URL query string. How do i ensure this? Any help would be appreciated. Thanks Praveenkumar
You can configure how your container tracks the session using your web.xml. Just add this to enforce cookies:
<session-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
But please not that if you force your container to use cookies, you will break session handling for users that don't have cookies enabled.