I have a request at work to skip JSESSIONID in httpservlet response header cookie in some cases. We use Spring 5 and Java 17. I know that new session is created on request.getSession(), but can not find where is the moment in servlet/spring code when cookie is set in response. It looks like it is marked as unmodified.
Any idea? At least to know where that cookie is set in response, so I can try some override.
Thanks.
My idea was to add a filter in FilterChain where cookie would be removed. Also req.getSession(false) is not an option.
Also I tried alternative to create a HttpServletResponse wrapper in filter, where I override add/setHeader() & addCookie() methods, but looks like it is not called during setting header "Set-Cookie -> JSESSIONID=******" .