Feature Request FR-4099
Product Area Developer Experience
Status OPEN

24 Voters

Add option to remove session ID from URLs

philipp hartenfeller Public
· Nov 11 2024

Idea Summary
Correct me if I am wrong, but my impression is that adding the session ID to the URL has only a benefit if you use session cloning (open in new tab with an isolated session) to keep track of which session to use. In general, the session cookie is enough to match a request to a session.

From my impression, session cloning is not used often, and I see disadvantages of having the session in the URL:

  • It is not useful in locating a resource.
  • It makes bookmarks, sharing or copying links, etc. complicated because opening a link with a hard-coded session ID will kill your currently active session with a different session ID. Without the session ID in the URL, I would expect opening a link to just re-use the currently active session.
  • It is bad UX: non-technical users will not understand this concept and just think that there is something wrong with the app.
  • It is bad for SEO/Web Crawlers. As someone running public APEX apps, I get massive loads of web crawlers that get a unique URL (thanks to the session ID) on every visit and expect different content. So they try again and again to crawl the page.

I also want to emphasize the point that APEX is super unique in this behavior. I don't know of any other website framework that adds session context to URLs.

Use Case
General User Experience and public-facing apps.

Preferred Solution (Optional)
Switch in Application Attributes next to “Friendly URLs”, which disables session IDs in URLs. It could either disable session cloning or add the session ID to any cloned session.

This idea is open.

Comments

  • ino.laurensse OP 3 weeks ago

    You can see on the Community Forum that there is no session id in the URL. But that is actually an ugly hack:

        if (!inPWA()) {
           let orgUrl = new URL(window.location);
           // Once the DOM has loaded, swap the address-bar URL for a session-free one (keeping the hash)
           window.addEventListener('DOMContentLoaded', (event) => {
               window.history.replaceState({}, '', `https://forums.oracle.com/ords/apexds/post/session-in-url-causes-problems-in-saved-bookmarks-6474${orgUrl.hash}`);
           });
        }

    You still see the original URL briefly when the page loads.
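
A generalised form of the address-bar rewrite quoted in the comment above, as an added example that is not the forum's code or part of that comment: it derives the session-free URL from the current location instead of hard-coding it. The parameter name `session`, the function names and the sample URL are assumptions.

```javascript
// Added example; not the forum's code. Assumption: the session ID travels in
// a query parameter named "session" (APEX Friendly URL style), e.g.
//   /ords/r/ws/app/home?session=123&p1_id=7#top   (constructed sample)
const SESSION_PARAM = 'session';

// Return href without the session parameter. The raw query string is edited
// pair by pair so other parameters keep their exact encoding and order.
function stripSessionId(href, base) {
  const url = new URL(href, base);
  const kept = url.search
    .replace(/^\?/, '')
    .split('&')
    .filter((pair) => pair !== '' && pair.split('=')[0] !== SESSION_PARAM);
  url.search = kept.join('&');
  return url.href;
}

// Browser side: swap the address-bar URL without reloading. replaceState only
// accepts same-origin URLs, and stripSessionId never changes the origin.
function hideSessionInAddressBar(win) {
  const clean = stripSessionId(win.location.href);
  if (clean !== win.location.href) {
    win.history.replaceState(win.history.state, '', clean);
    return true;
  }
  return false;
}

// Only register the handler when running in a browser.
if (typeof window !== 'undefined') {
  window.addEventListener('DOMContentLoaded', () => hideSessionInAddressBar(window));
}
```

This changes only what the address bar shows after load; links rendered inside the page still carry whatever session value the server put in them.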