jboss-web/use-session-cookies doesn't work ------------------------------------------ Key: JBAS-6164 URL: https://jira.jboss.org/jira/browse/JBAS-6164 Project: JBoss Application Server Issue Type: Bug Security Level: Public (Everyone can see) Components: Web (Tomcat) service Affects Versions: JBossAS-5.0.0.CR2, JBossAS-4.2.3.GA, JBossAS-4.2.2.GA, JBossAS-4.2.1.GA, JBossAS-4.2.0.GA Reporter: Takayoshi Kimura Assignee: Remy Maucherat Priority: Minor To reproduce, create a .war directory under the deploy directory and put the following jsp file: <% javax.servlet.http.Cookie[] cookies = request.getCookies(); if (cookies != null) { for (int i = 0; i < cookies.length; i++) { if ("JSESSIONID".equals(cookies[i].getName())) { out.println("Session ID cookie found: " + cookies[i].getValue()); break; } } } %> And put WEB-INF/jboss-web.xml as well: <jboss-web> <use-session-cookies>false</use-session-cookies> </jboss-web> Then boot JBoss, hit the jsp file and reload. You'll see the session cookie is enabled. Tested with AS 5 svn rev 80575, it shows: 2008-11-06 16:22:58,243 INFO [org.jboss.web.tomcat.service.deployers.TomcatDeployment] (main) deploy, ctxPath=/test, vfsUrl=test.war 2008-11-06 16:22:58,244 DEBUG [org.jboss.web.tomcat.service.deployers.TomcatDeployment] (main) Using session cookies default setting So it seems ignored. WEB-INF/context.xml works: <Context cookies="false" /> -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira