In a J2EE web application, how do I disable the default HttpSession creation?

We have our own way of tracking sessions; we don't use the default JSP/servlet session, but the default session sets a cookie in the browser, which I would like to avoid. Right now on every JSP page we specify session="false" in the page directive, but often some developers miss this part, so I am trying to find a common place where I can control default session.

A: 

I am trying to find a common place where I can control default session.

The answer is servletcontainer specific since that's the one responsible for session creation and management. The standard Servlet API isn't responsible for that. It's unclear which servletcontainer you're using, so here's a Tomcat targeted answer: create your own <Manager>.

Alternatively, you can also entirely disable cookie support and rely on URL rewriting only (but don't do it). This way sessions won't survive among requests. You can do this in, for example, Tomcat by setting the cookie attribute of the <Context> element to false.

If you're using another servletcontainer, then you need to consult its documentation based on the newly learnt information and keywords here above, or just mention here which one it is.

BalusC
Thanks. So each J2EE web server should have an equivalent option to disable session.
Venkat
I am not sure if you forgot the question mark, but if the above is a question, then the answer is "yes". Every decent one should have. By the way, J2EE has been upgraded to JavaEE over 4 years ago. Keep yourself up to date. You really don't want to still hassle with the old Servlet 2.3 API.
BalusC
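
Until a container-level setting is in place, the per-page `session="false"` directive from the question can be enforced at build time. The script below is an added example, not code from the question or the answer; the function names `session_disabled` and `find_offenders` are made up for illustration, and it assumes every top-level page is a `.jsp` file that carries its own page directive.

```python
import re
import sys
from pathlib import Path

# Strip JSP comments first so a commented-out directive does not count.
JSP_COMMENT = re.compile(r"<%--.*?--%>", re.S)
# Classic syntax <%@ page ... %> and XML syntax <jsp:directive.page ... />.
# Directives may span several lines, hence re.S.
PAGE_DIRECTIVE = re.compile(
    r"<%@\s*page\b(.*?)%>|<jsp:directive\.page\b(.*?)/?>", re.S)
# session = "false" or session='false', with optional whitespace around '='.
SESSION_ATTR = re.compile(r"""\bsession\s*=\s*(["'])(.*?)\1""", re.S)


def session_disabled(jsp_source: str) -> bool:
    """True only if a page directive sets session to "false" and none
    sets it to anything else. A JSP without the attribute defaults to
    session="true", so it is reported as not disabled."""
    values = []
    for match in PAGE_DIRECTIVE.finditer(JSP_COMMENT.sub("", jsp_source)):
        attrs = match.group(1) or match.group(2) or ""
        values += [v.group(2).strip().lower()
                   for v in SESSION_ATTR.finditer(attrs)]
    return bool(values) and all(v == "false" for v in values)


def find_offenders(root: str) -> list[str]:
    """Return the .jsp files under root that would create a session."""
    offenders = []
    for path in sorted(Path(root).rglob("*.jsp")):
        text = path.read_text(encoding="utf-8", errors="replace")
        if not session_disabled(text):
            offenders.append(str(path))
    return offenders


if __name__ == "__main__":
    # Usage: python check_jsp_session.py <webapp-root>
    bad = find_offenders(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name in bad:
        print(f'missing session="false": {name}')
    sys.exit(1 if bad else 0)
```

Run as a CI step, the non-zero exit status fails the build when a page lacks the directive.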