Over One Billion JSessionID’s Served!

The 2006 RandomCoder article, “JSESSIONID considered harmful” mentions that a Google search on URLs with “jsessionid” in them resulted in 76 million results. Now in 2010, there are over one billion pages with “jsessionid” in the URL!

Although I understand the motivation behind URL-based session-ids (support cookie-less users), it seems inconceivable that all billion of these pages actually need cross-page state, even for casual/anonymous visitors (including search engine robots). I wonder how much bandwidth, memory and processing power are wasted to create empty session objects and shuffling around useless JSessionIDs in URLs and cookies.

Leave a Reply

Your email address will not be published. Required fields are marked *