Older versions of Apache Tomcat, as well as the older servlet specifications required that several configuration values need to be set. With servlet 3, you can now modify the name of the session cookie (as well as the ‘rewriting’ attribute name) in the web.xml file
In web.xml: (servlet 3.x)
<session-config>
<session-timeout>30</session-timeout>
<cookie-config>
<name>mysessionid</name><!-- default is jsessionid -->
<http-only>true</http-only>
<!-- secure>true</secure-->
</cookie-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
Alternately for Tomcat7, modify TOMCAT_HOME\conf\context.xml
:
<Context path="/exampleApp" sessionCookieName="myid">
If you are using spring security, then you should try setting
disable-url-rewriting
attribute of<http>
element to true.
REFERENCES: