If for some reasons you need to disable the use of a cookie for session handling, you can edit the context.xml file located in the META-INF directory of your J2EE web application. The following solution works well with Tomcat 5.5 and I havn’t tested this feature with older versions. To disable the use of cookies add the attribute ‘cookies’ and set its value to ‘false’.
<?xml version='1.0' encoding='UTF-8'?> <Context path='/myApplicationContext' cookies='false'> <!-- other settings --> </Context>
This trick also works with Tomcat 5.0.19.
Does this make Tomcat handle sessions in some other way then by cookies or does it disable sessions completely?
It just disables cookie support for sessions. Without cookies, you have to add the session hash key into each URL or form using <c:url value=”MyLink”/> for example (using JSTL).