Disabling Session Cookies in Jetty
November 26, 2006
When testing Java web applications, the preferred setting for session handling is url rewriting rather than the use of a browser cookie. This configuration allows the developer to maintain isolated sessions across various tabs and windows, a fairly common practice in pre-production environments. While there are many references available on the web that explain how to configure Jetty 5.x to make this switch, I found it much more difficult to pinpoint instructions for how to do it in the Jetty 6.x series. To save folks the headache, I am documenting the configuration below. Create the file jetty-web.xml and place it in the WEB-INF/ directory. Populate that file with the following contents.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN"
"http://jetty.mortbay.org/configure.dtd">
<Configure class="org.mortbay.jetty.webapp.WebAppContext">
<Get name="sessionHandler">
<Get name="sessionManager">
<Set name="usingCookies" type="boolean">false</Set>
</Get>
</Get>
</Configure>
The syntax for the tags used in this file are detailed on the Jetty Wiki. Much like the Spring configuration, it allows declarative assignment of properties via accessor methods.
By the way, if you aren't using Jetty to deploy your Maven 2 powered application, then you aren't getting the most out of your development time. Take a couple of minutes and follow this maven-jetty-plugin howto to get setup before another minute of hacking goes into the books.
2 Comments from the Peanut Gallery
1 | Posted by Peter Motyka on September 10, 2007 at 04:37 PM EST
Any idea how to disable the WebAppContext's sessionHandler all together?
2 | Posted by qnaguru on November 20, 2008 at 05:26 AM EST
"Any idea how to disable the WebAppContext's sessionHandler all together?"
Well, just disable the cookies, it achieves what you want!
Got Something to Say?