Configure WildFly / Undertow to add JSESSIONID to url if cookies are not accepted
Previously, we used JBoss 7.1.2 and used the behavior that JSESSIONID places in the URL as a fallback if cookies are not accepted or if the JSESSIONID cookie is not present in requests.
After upgrading to WildFly 8.2.0 / Undertow 1.1.0, this url fails.
Can WildFly / Undertow be configured to include JSESSIONID in URLs as a backup? We know about the possibility of setting session-config in web.xml
, for example:
<session-config>
<tracking-mode>URL</tracking-mode>
</session-config>
But we want the JSESSIONID on the urls to be a fallback solution.
source to share
To use cookie-based session tracking, if available, and URL-based session tracking as a backup, you must configure your deployment descriptor web.xml
as follows:
<web-app ...>
<session-config>
<tracking-mode>COOKIE</tracking-mode>
<tracking-mode>URL</tracking-mode>
</session-config>
</web-app>
Note that you need the Servlet 3.0 specification!
Unfortunately, there is a bug in Wildfly / Undertow (UNDERTOW-396) that prevents the use of the backup. This bug has been reported fixed for Undertow 1.2.0-Beta10, but Wildfly 8.1.0.Final and 8.2.Final are used as old versions. So at this time, you probably need to update Undertow in your Wildfly installation to get the fix.
Here is another helpful blog post on this topic.
Update : Wildfly 9.0.2.Final uses Undertow 1.2.9, so this should work again (not tested yet).
source to share