investigate removing jsession ids

[dmn]

URLs in GS3 have become even more messy than they were in GS2:

​http://www.greenstone.org/greenstone3/nzdl;jsessionid=E8BFF88D792F4075601045456EC801AD?a=p&sa=about&c=hdl&ct=0

this is meaningless to users, horrible for SEO, a security risk etc:

​http://randomcoder.com/articles/jsessionid-considered-harmful

or at least allowing site/collection maintainers to turn them off.

Most of the time the preferences are never used (I expect) - do we have any evidence they are? The default values should just be that, default and not clutter up the URL.

We could use cookies like everyone else, or provide a session independent URL when necessary. And/or implement the filter as described in the URL above.

Suppose someone wants to remove all the preference - would we still get jsessionids in the URLs?