Configure WildFly/Undertow to put JSESSIONID on URL if cookies not accepted
We previously used JBoss 7.1.2 and utilized the behaviour that JSESSIONID is put on the URL as a fallback if cookies are not accepted or if the JSESSIONID cookie is not present in requests.
After migrating to WildFly 8.2.0 / Undertow 1.1.0 this URL rewrite is not happening.
Is it possible to configure WildFly/Undertow to put JSESSIONID on URLs as a fallback? We are aware of the possibility to put session-config in web.xml, e.g.:
<session-config>
<tracking-mode>URL</tracking-mode>
</session-config>
But we only want JSESSIONID on URLs as a fallback solution.
Answer
To use cookie based session-tracking if available and URL based session-tracking as a fallback you should configure your deployment descriptor web.xml like this:
<web-app ...>
<session-config>
<tracking-mode>COOKIE</tracking-mode>
<tracking-mode>URL</tracking-mode>
</session-config>
</web-app>
Note, that you need at least servlet 3.0 specification!
Unfortunately there is a bug (UNDERTOW-396) in Wildfly/Undertow that prevents the fallback from being used. That bug has been marked as fixed for Undertow 1.2.0-Beta10, but Wildfly 8.1.0.Final and 8.2.Final both use older versions. So currently you'd probably need to update Undertow in your Wildfly installation to get the fix.
Here is another useful blog-post on this topic.
Update: Wildfly 9.0.2.Final uses Undertow 1.2.9, so this should be working again (not yet tested).