I never used tomee, but I think it should be the same as tomcat. You can try this out. https://fralef.me/tomcat-disable-jsessionid-in-url.html
Put context.xml file in your webapp's META-INF/ folder. You may not need the docBase property, because it is used when you not deploy your webapp in the folder webapps/. May this help you! On Fri, Jul 10, 2015 at 7:58 PM, Nagaraju Kurma < [email protected]> wrote: > Hello Team, > > I tried a lot and concluded with there is configuration as part of tomme > *system.propeties*. But unfortunately this configuration is not working > for me. > > openejb.jsessionid-support = false > > http://tomee.apache.org/properties-listing.html > > Anybody is having any work around this? > > On Fri, Jul 10, 2015 at 2:26 PM, Nagaraju Kurma < > [email protected]> wrote: > >> Hello Rui Tang, >> >> I am using the web container like apache tomme having the version like >> *apache-tomee-plus-1.7.1* >> >> I think it is equivalent with apache tomcat with enhanced features having >> application server behavior as follows >> >> Tomcat + Java EE = TomEE >> >> On Fri, Jul 10, 2015 at 1:31 PM, Rui Tang <[email protected]> wrote: >> >>> It's not about what the version number in web.xml, but the really >>> servlet version that your container supports. If your container only >>> supports servlet 2.5, the way you write the web.xml will not work. >>> >>> Can you tell me what your web container is? Tomcat or such as Weblogic? >>> >>> On Fri, Jul 10, 2015 at 3:55 PM, Nagaraju Kurma < >>> [email protected]> wrote: >>> >>>> Hello Rui Tang, >>>> >>>> I am using servlet 3.0 only and my web.xml as follows. >>>> >>>> <web-app xmlns="http://java.sun.com/xml/ns/javaee"; xmlns:xsi=" >>>> http://www.w3.org/2001/XMLSchema-instance"; >>>> xsi:schemaLocation="http://java.sun.com/xml/ns/javaee >>>> http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"; >>>> *version="3.0"*> >>>> >>>> Sorry i am not clear to implement this configuration my application as >>>> i am not running any jetty configuration at all. >>>> >>>> Could you please elaborate the explanation towards configuration files >>>> to hide the JSESSIONID in my simple spring & shiro based web application. >>>> >>>> >>>> >>>> >>>> On Fri, Jul 10, 2015 at 12:58 PM, Rui Tang <[email protected]> >>>> wrote: >>>> >>>>> <session-config> is available for servlet 3.0. If you use web >>>>> containers that support lower version, you have to config it via >>>>> container's config. >>>>> >>>>> E.g. for jetty, >>>>> http://www.eclipse.org/jetty/documentation/current/session-management.html >>>>> >>>>> On Fri, Jul 10, 2015 at 2:15 PM, Nagaraju Kurma < >>>>> [email protected]> wrote: >>>>> >>>>>> Hello Team, >>>>>> >>>>>> Thanks for your valuable time spending. >>>>>> >>>>>> *1) Session Fixation* >>>>>> >>>>>> Implemented the same as the above link describes, Its working fine >>>>>> but it is like out side of the framework and not developer friendly. As >>>>>> this is a high security concern some where we need to have a >>>>>> configuration >>>>>> as part of shiro only. >>>>>> >>>>>> *2) Session Token in url* >>>>>> >>>>>> I am having one more question that on first request after session got >>>>>> started *JSESSIONID *is appending in the url as follows >>>>>> >>>>>> >>>>>> http://localhost:8080/myapp1/anon/login;JSESSIONID=c04cd50c-65fc-4448-9a27-732e6d40dfad >>>>>> >>>>>> This is also one of the security concern, How to resolve it? Anybody >>>>>> having any work around about this? >>>>>> >>>>>> I am working with spring & shiro so i tried with the following >>>>>> configuration but got failed. >>>>>> >>>>>> <session-config> >>>>>> <tracking-mode>COOKIE</tracking-mode> >>>>>> </session-config> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On Fri, Jul 10, 2015 at 11:19 AM, Rui Tang <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Here's an issue about this problem. >>>>>>> >>>>>>> https://issues.apache.org/jira/browse/SHIRO-170 >>>>>>> >>>>>>> Even though it hasn't been fixed, but in comment, there's some >>>>>>> workaround. >>>>>>> >>>>>>> On Thu, Jul 9, 2015 at 1:26 PM, Nagaraju Kurma < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Hi Team, >>>>>>>> >>>>>>>> Is there any workaround on this? >>>>>>>> >>>>>>>> -- >>>>>>>> >>>>>>>> Thanks & Regards >>>>>>>> >>>>>>>> Nagaraju Kurma >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> 唐睿 >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> Thanks & Regards >>>>>> >>>>>> Nagaraju Kurma >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> 唐睿 >>>>> >>>> >>>> >>>> >>>> -- >>>> >>>> Thanks & Regards >>>> >>>> Nagaraju Kurma >>>> >>> >>> >>> >>> -- >>> 唐睿 >>> >> >> >> >> -- >> >> Thanks & Regards >> >> Nagaraju Kurma >> > > > > -- > > Thanks & Regards > > Nagaraju Kurma > -- 唐睿
