Spring Boot Misconfiguration: Unsafe value for session tracking
Description
This web application is configured to support session tracking by cookies and URLs. The session tracking by URL is also known as "URL rewriting" wherein you see the ;jsessionid=id to appear in URLs. This will be triggered automatically when the client has cookies disabled. It's recommended to disable tracking by URL, and explicitly specify a tracking mode by cookie only.
Remediation
Change the value for <strong>server.servlet.session.tracking-modes</strong> in Spring properties file: <pre> server.servlet.session.tracking-modes=COOKIE </pre>