How do I keep Tomcat 4.1.x from persisting Session Objects?
Created May 7, 2012
Brendan Patterson [Full question:
What I need to know is how to make Tomcat not persist the session object between requests and not send back the jsessionid cookie.]
I have an application that I am migrating to a clustered environment with multiple Tomcat 4.1.x servers. I am in the process of changing the persistent session data to another format.
I am inclined to persist the limited data we have in a cookie rather than use a session server and persisting the data in a central database.
This is a bit of a hack, but it's encapsulated and could work.
Set up a filter to run incoming requests past a JSP that with page directive<%@ page session="false" %>.
There are probably other ways. Or you can dig through Tomcat's source code to figure out the mechanism by which this page directive deactivates sessions.
Good luck!