JSESSIONID considered harmful
Posted by ccondit on 10/19/06 @ 2:33 PM :: Updated by ccondit on 7/2/09 @ 6:15 PM
Tags :: :: :: ::

One little-known feature of the Java Servlet Spec allows for encoding session identifiers in URLs. In theory, this allows browsers without support for cookies to maintain session state with your website. In practice, however, there are several problems with this approach...