Disabling Session Cookie in Tomcat

If for some reasons you need to disable the use of a cookie for session handling, you can edit the context.xml file located in the META-INF directory of your J2EE web application. The following solution works well with Tomcat 5.5 and I havn’t tested this feature with older versions. To disable the use of cookies add the attribute ‘cookies’ and set its value to ‘false’.

<?xml version='1.0' encoding='UTF-8'?>
<Context path='/myApplicationContext' cookies='false'>
  <!-- other settings -->
</Context>
This entry was posted in Developer, Web. Bookmark the permalink.

3 Responses to Disabling Session Cookie in Tomcat

  1. secure says:

    This trick also works with Tomcat 5.0.19.

  2. Christian R says:

    Does this make Tomcat handle sessions in some other way then by cookies or does it disable sessions completely?

  3. joachim says:

    It just disables cookie support for sessions. Without cookies, you have to add the session hash key into each URL or form using <c:url value=”MyLink”/> for example (using JSTL).