Why is Spring Boot redirecting with jsessionid in the URL even though I already turned it off?










Google Chrome is making this request on the login page.



Request

Request URL: http://app.country-region-9.elasticbeanstalk.com/admin/login
Request Method: POST
Status Code: 302 Found
Remote Address: 99.99.99.99:80
Referrer Policy: no-referrer-when-downgrade


Response

Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Language: en-US
Content-Length: 0
Date: Thu, 15 Nov 2018 04:23:19 GMT
Expires: 0
Location: /home;jsessionid=15884DA40ECAD4F5CBA6CD138B4B4105
Pragma: no-cache
Server: nginx/1.12.1
Set-Cookie: JSESSIONID=15884DA40ECAD4F5CBA6CD138B4B4105; Path=/; HttpOnly


I have this setting already in application.properties.



server.session.tracking-modes=cookie


So why is Spring Boot appending ;jsessionid to the redirect location? It is breaking the app because Spring Security complains about the semicolon. It works on my local machine and doesn't append the session. It is only failing when deployed to AWS.



This is the action in the controller which redirects:



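@RequestMapping(value = "/admin/login", method = RequestMethod.POST)
public String doLogin(HttpServletRequest request, HttpServletResponse response) {
    ...
    // getSession() creates the session if none exists, then the user is stored in it
    request.getSession().setAttribute("user", user);
    // Redirect to /home after login
    return "redirect:/home";
}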


I also confirmed it with curl:



$ curl -i http://app.country-region-9.elasticbeanstalk.com/admin/login -d username=xxxx -d password=xxxxxxxxxxx 
HTTP/1.1 302 Found
...
Location: /home;jsessionid=5A1009B5F3C59ED0F794E625B5E36EA0


But it's not doing that locally.



$ curl -i http://localhost:8080/admin/login -d username=xxxxx -d password=xxxxxxxxxx
HTTP/1.1 302
Set-Cookie: JSESSIONID=4B8930CCC8CE85167089CEBEB47657D4; Path=/; HttpOnly
...
Location: http://localhost:8080/home









Tags: spring, spring-boot, amazon-elastic-beanstalk

asked Nov 15 '18 at 4:37 by Chloe
edited Nov 15 '18 at 4:54 by Chloe
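A post-deploy check for the symptom shown in the question, as an added example that is not part of the original post: it parses a raw response head (as printed by `curl -i`) and reports when a redirect's Location carries a `;jsessionid=` path parameter, which also puts the session ID into proxy logs and Referer headers. The two sample responses are constructed from the headers quoted in the question; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed samples modelled on the response headers quoted in the question.
DEPLOYED = (
    "HTTP/1.1 302 Found\r\n"
    "Location: /home;jsessionid=15884DA40ECAD4F5CBA6CD138B4B4105\r\n"
    "Set-Cookie: JSESSIONID=15884DA40ECAD4F5CBA6CD138B4B4105; Path=/; HttpOnly\r\n\r\n"
)
LOCAL = (
    "HTTP/1.1 302\r\n"
    "Set-Cookie: JSESSIONID=4B8930CCC8CE85167089CEBEB47657D4; Path=/; HttpOnly\r\n"
    "Location: http://localhost:8080/home\r\n\r\n"
)

# ";jsessionid=<id>" path parameter on any path segment, matched case-insensitively.
URL_SESSION = re.compile(r";jsessionid=([^;/?#]*)", re.IGNORECASE)


def parse_head(raw):
    """Return (status_code, [(lowercased header name, value), ...]) for a raw response."""
    lines = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0].splitlines()
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return status, headers


def audit_redirect(raw):
    """Return a list of findings; an empty list means no session ID in the redirect URL."""
    _status, headers = parse_head(raw)
    cookie_ids = {
        value.split(";", 1)[0].split("=", 1)[1]
        for name, value in headers
        if name == "set-cookie" and value.upper().startswith("JSESSIONID=")
    }
    findings = []
    for name, value in headers:
        if name != "location":
            continue
        # urlsplit keeps path parameters inside .path, so a ";" in the query is ignored.
        for sid in URL_SESSION.findall(urlsplit(value).path):
            findings.append("session id in redirect URL")
            if sid in cookie_ids:
                findings.append("URL id equals the JSESSIONID cookie")
    return findings
```
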





















