
Pinned topic UK Cookie Law - disable JSESSIONID per URL suffix (.uk)

‏2012-04-27T17:44:05Z |

Has anyone heard of the UK Cookie Law, which went into effect May 26th, 2011 but will begin to be enforced May 26, 2012?

Is there a way to disable JSESSIONID per URL on a server where multiple URL suffixes are being served? (.uk, .de, etc.)

The server(s) in question are serving up WebSphere Portal (v6.1)
Updated on 2012-04-30T14:23:35Z by Sunit
  • Sunit
    209 Posts

    Re: UK Cookie Law - disable JSESSIONID per URL suffix (.uk)

    That specific law is targeted towards cookies being used to track users' behavior, surfing habits, web analytics, advertisements, etc. If your application is using cookies for that purpose, then you have to ask explicit permission from users to store and track cookies on their desktop/client.

    If you are using the JSESSIONID cookie for the HTTP session only, then it is a session cookie. If this cookie is a required cookie to make your application work and provide the service explicitly requested by the user, then you do not need user consent. However, you can explain the purpose of the cookie on the sign-on screen and ask the user to accept the terms of use of your application.

    If you do not want to use JSESSIONID, you can always use the URL rewrite technique for session management. This is a little unwieldy and can enforce certain limits in terms of data included. Also, it can expose certain data that should not be exposed by making it part of the URL, thus causing security headaches.

    Having said all this, the JSESSIONID discussion should be posted to the WebSphere Application Server forum. This forum is meant for IBM HTTP Server.

    • Sunit
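
The exposure that the reply above attributes to URL rewriting can be checked for in web server access logs. The following is an added example, not part of the original thread: it flags request URLs and Referer headers that carry a `;jsessionid=` path parameter and redacts the ID before reporting. It assumes Combined Log Format; the sample lines, host name and session ID are constructed.

```python
import re

# Combined Log Format, which Apache-based servers such as IBM HTTP Server can write.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
# URL rewriting appends the session ID as a path parameter: /page;jsessionid=ID?query
SID_RE = re.compile(r';jsessionid=[^;?#/\s"]+', re.IGNORECASE)


def redact(text):
    """Replace every rewritten session ID in text with a fixed marker."""
    return SID_RE.sub(";jsessionid=[REDACTED]", text)


def find_exposures(lines):
    """Return (line_no, client, field, redacted_value) for each request URL
    or Referer header that carries a session ID."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = LOG_RE.match(line.strip())
        if match is None:
            continue  # not a combined-format line; skip it
        for field in ("url", "referer"):
            value = match.group(field)
            if SID_RE.search(value):
                findings.append((line_no, match.group("host"), field, redact(value)))
    return findings


# Constructed sample lines (documentation addresses, made-up session ID).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Apr/2012:14:00:01 +0000] "GET /wps/portal/home;jsessionid=0000A1b2C3d4E5f6:-1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [30/Apr/2012:14:00:05 +0000] "GET /wps/portal/news HTTP/1.1" 200 2048 "http://portal.example.com/wps/portal/home;jsessionid=0000A1b2C3d4E5f6:-1?lang=en" "Mozilla/5.0"',
    '192.0.2.12 - - [30/Apr/2012:14:00:09 +0000] "GET /wps/portal/about HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_exposures(SAMPLE_LOG):
        print(finding)
```

A Referer hit means the session ID travelled with a followed link, which is the case to watch when pages link to other sites.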