Removing JSESSIONID from URLs for Spring Security 3.0+ applications

less than 1 minute read

jsessionid in URLs look annoying, more so in search results. Disabling them from URL is just a configuration in your spring-security.xml file for Spring version 3.0 + : use the disable-url-rewriting=”true” in the security namespace for http tag. the http tag becomes:

<security:http auto-config="false" disable-url-rewriting="true">

If you are not using http cofiguration and using FilterChainProxy, this article can help.

Leave a Comment