i am using
tomcat.
if i use jsessionid=617AA28660D5C1B1408543C24B186A75 in url to send session id to server, response does not put it in cookie, so if redirect happens, a completely new session will be created.
is it a bug or http specification?
i can't find anything about it in rfc though.
or is there any configuration about it in tomcat?