Java: Why is my session ID in my URL?
Original URL: http://stackoverflow.com/questions/4079378/
Warning: this content is provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Why is my session id in my url?
Asked by Samo
So I went through the steps to build a basic roo application here: http://static.springsource.org/spring-roo/reference/html/beginning.html
I started up my server and started playing with the app, couldn't help but notice that there's a 'jsessionid' in my url:
http://localhost:8080/pizzashop/pizzas;jsessionid=0A8EA5D9E8665C8AC80F141C3818F6BA?form
I don't care for this at all! Why does it need a session id in the URL? Can I get rid of this? It does not seem RESTful to have this there.
Answered by skaffman
This is standard JavaEE behavior, and is dictated and controlled by the servlet container. It has nothing to do with Spring.
See this previous question to find out why and when it gets created, and how to avoid it.
Answered by Amir Raminfar
I didn't see this answer in the other question so I wanted to explain it. The way sessions work in Java, and I think PHP, is that when the client first comes in, it creates a cookie and appends JSESSIONID to all the URLs that used the <c:url/> tag. The reason it does this is because the first time the client visits the page, the server has no idea if the client supports cookies. So it does both. Next time, since it sees the cookie, it will actually not use URLs anymore because it knows cookies worked.
There are a lot of ways to disable this. If you are not using sessions at all then you can disable cookies by putting cookies=false in context.xml. This only disables cookies for the session and not regular cookies. You can then use urlrewrite to strip the sessionid.
Hope that helps.
Answered by mezmo
What app server are you using? I know that WebLogic at least will always do a URL encoded session, as well as a cookie based session, on the first call at least, to see if cookies are enabled on the client. If it can't find the cookie that matches the URL session id on the next call, it will continue using the session token from the URL. I know when they switched our company over to using SharePoint for web crawling and search, the Windows web guys whined for a LONG time about the issue, until they finally understood that all they had to do was turn on cookie session support.
Answered by Shahriar
In my case this was happening when the application was deployed on my desktop and not using https. In which case in weblogic.xml, cookie-secure should be set to false. Otherwise cookie managed session ID will only work over https.
<wls:cookie-secure>false</wls:cookie-secure>