servlets - How to prevent adding jsessionid at the end of redirected url

Question

I am trying to redirect to foreign domain url from my servlet. But the redirection adds ;jsessionid=ghdssdf... at the end of url. I do not know how I can prevent appending jsession id to my url. My app is running on Websphere

resp.sendRedirect(resp.encodeRedirectURL("https://www.facebook.com/mymage"));

end the directed url can be seen in browser as https://www.facebook.com/mymage;jsessionid=dfsdfsd

Answer 1

It appears that you're confused by the badly chosen method name encodeRedirectURL(). It does not perform any "URL encoding" ("dealing with special characters") as the method name implies. It merely performs "URL rewriting" by appending the current session ID as path parameter. This is intented to be used when rendering internal links on the web page (usually via JSTL <c:url> in JSP pages, or JSF <h:link> in Facelets pages), so that the HTTP session is maintained in case the client has cookies disabled.

You don't need it here at all. Just pass the URL outright:

response.sendRedirect("https://www.facebook.com/mymage");

See also:

• In the context of Java Servlet what is the difference between URL Rewriting and Forwarding?

---

Unrelated to the concrete problem: URL rewriting could be turned off by adding the below entry to webapp's web.xml, which instructs the container to use a "Cookie only" policy as to maintaining the HTTP session.

<session-config>
    <tracking-mode>COOKIE</tracking-mode>
</session-config>