How to completely deactivate JSESSIONID cookie entry (in Chrome's Cookie list)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

How to completely deactivate JSESSIONID cookie entry (in Chrome's Cookie list)

Tillmann Schulz
Hi there,

I am using Tomcat 8.5.58 and have a problem with JSESIONID cookie.
It should be possible to completly deactivate the jsessionid cookie with the following code:

<%@ page session="false" %>

If you do that and call the JSP, there is in no entry under cookies in google chrome's cookie list (if you press F12 in chrome) .
But in chrome's cookie list there is a host entry for the hostname of the JSP.
This is confusing, because there are no cookies set.

I am not sure if this is a tomcat issue, but under firefox it also looks simular.

Is it possible to completly deactivate cookies? There shouldn't be any hostname visible in the cookie view.

Thank you for your help in advance

Tillmann



Reply | Threaded
Open this post in threaded view
|

Re: How to completely deactivate JSESSIONID cookie entry (in Chrome's Cookie list)

logo
Hi Tillmann,

Am 2021-01-29 11:00, schrieb Tillmann Schulz:

> Hi there,
>
> I am using Tomcat 8.5.58 and have a problem with JSESIONID cookie.
> It should be possible to completly deactivate the jsessionid cookie
> with the following code:
>
> <%@ page session="false" %>
>
> If you do that and call the JSP, there is in no entry under cookies in
> google chrome's cookie list (if you press F12 in chrome) .
> But in chrome's cookie list there is a host entry for the hostname of
> the JSP.
> This is confusing, because there are no cookies set.
>
> I am not sure if this is a tomcat issue, but under firefox it also
> looks simular.
>
> Is it possible to completly deactivate cookies? There shouldn't be any
> hostname visible in the cookie view.
>
I doubt that this is a matter of the usage of cookies. That's default
behaviour of the browser, that will create that per site. Go to a site
that does not use sessions (and tomcat) and it will have that entry.

Peter

> Thank you for your help in advance
>
> Tillmann

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: How to completely deactivate JSESSIONID cookie entry (in Chrome's Cookie list)

Martin Grigorov
In reply to this post by Tillmann Schulz
On Fri, Jan 29, 2021 at 12:03 PM Tillmann Schulz
<[hidden email]> wrote:

> Hi there,
>
> I am using Tomcat 8.5.58 and have a problem with JSESIONID cookie.
> It should be possible to completly deactivate the jsessionid cookie with
> the following code:
>
> <%@ page session="false" %>
>

This says that this particular JSP does not create an HTTP session but if
any other JSP of your app creates one then it will be transfered for all
requests until it is either deleted or it expires.


>
> If you do that and call the JSP, there is in no entry under cookies in
> google chrome's cookie list (if you press F12 in chrome) .
> But in chrome's cookie list there is a host entry for the hostname of the
> JSP.
>

What is the name of this cookie ?


> This is confusing, because there are no cookies set.
>
> I am not sure if this is a tomcat issue, but under firefox it also looks
> simular.
>
> Is it possible to completly deactivate cookies? There shouldn't be any
> hostname visible in the cookie view.
>
> Thank you for your help in advance
>
> Tillmann
>
>
>
>
Reply | Threaded
Open this post in threaded view
|

Re: How to completely deactivate JSESSIONID cookie entry (in Chrome's Cookie list)

Tillmann Schulz
In reply to this post by logo
Hi Peter,
>>Go to a site that does not use sessions (and tomcat) and it will have that entry.
You are right, every site with no cookies causes the entry under cookies in chrome.
So this issue is solved. Thank you
Tillmann