When we started moving GreatSchools from Perl to Java + SpringMVC + Hibernate one of the first things we had to figure out was how to disable jsessionid‘s from getting appended to URL’s when using c:url in a JSP page. Jsessionid is terrible for search engine optimization because crawlers that don’t have cookies enabled will get URL’s from your pages with a jsessionid parameter appended. This makes it virtually impossible for a crawler to match the URL from an inbound link to your site with a page it has already crawled. What’s worse is that you risk having your page rank hurt with Google because it thinks you’re serving duplicate content, ouch!
Take one look on Google and you’ll see millions of results that contain jsessionid in the URL, those pages will have a tougher time ranking well against competitors that have consistent URL’s for users and crawlers.
The intention is good: allow sessions to work for users that don’t have cookies enabled. In reality it never worked that well though because most sites use c:url sporadically to properly encode URL’s and most sites require cookies as a site policy anyhow. The PHP session handling code has the same issue which many folks have battled with, fortunately for PHP users, it’s an option you can disable in your php.ini by setting session.use_only_cookies.
At GreatSchools we wrote our own version of c:url since we couldn’t find any way to disable c:url from writing out jsessionid’s. I think the time is right to make session handling with cookies only the default because it’s the more common scenario and that particular “feature” has caused more problems than the good it was initially intended to do.