[jira] [Closed] (OFBIZ-6872) Remove all sessionsIds put in URLs

> Remove all sessionsIds put in URLs
> ----------------------------------
>
>                 Key: OFBIZ-6872
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-6872
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>             Fix For: Upcoming Branch
>
>
> We should always use sessionIds in cookies and newer have sessionsIds in URLs. So I will remove all sessionsIds in URLs. There are 2 cases:
> #    the part related to spiders in RequestHandler
> #    HtmlFormRenderer.appendExternalLoginKey() (there is also an appendExternalLoginKey method in MacroFormRenderer class but it's not used OOTB)
> There are also many cases where we show the sessionId in logs (using UtilHttp.getSessionId()) I wonder if we should not keep those commented out or change the debug info level. Also HttpSessionEvent.getSession().getId() is directly used in some places for the same purpose (log)