I am implementing session without cookies, but the problem is that if cookies are disabled by default browser send jsessionid in Urls to track session http://localhost:8080/basepath/dashboard/admin;jsessionid=8F7E4882D0F2FD804BCC148B0FE3681E
but here jsessionid is getting exposed in url, hence i want to filter jsessionid so that its not printed in url after login.
in WEB-INF/web.xml added below lines
<filter>
<filter-name>UrlRewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
I have created a new urlrewrite.xml which contains below code.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 3.0//EN" "http://www.tuckey.org/res/dtds/urlrewrite3.0.dtd">
<urlrewrite>
<rule>
<note>Remove jsessionid from embedded urls - for urls WITH query parameters</note>
<from>^/(.*);jsessionid=.*[?](.*)$</from>
<to type="redirect">/$1?$2</to>
</rule>
<rule>
<note>Remove jsessionid from embedded urls - for urls WITHOUT query parameters</note>
<from>^/(.*);jsessionid=.*[^?]$</from>
<to type="redirect">/$1</to>
</rule>
</urlrewrite>
But i am still seeing jsessionid appended with every request. what is it that i am missing ?