D. When using cookies for session tracking , the name of the session tracking cookie must be JSESSIONID
But in Page 237 its given (In last A: ) And while tomcat adds "jsessionid=" in the rewritten url another vendor might append only session id itself.
Does this mean for cookies "JSESSIONID" is defined by spec and for url rewriting jsessionid is vendor specific?
Joined: Feb 24, 2005
When the cookies are disabled in the client side, session id must be included as one of the parameters in the URL to do session handling and the parameter name must be "jsessionid" (as defined in the spec). To achieve this, we use encodeRedirectURL(url) or encodeURL(url) methods in the HttpServletResponse interface. The passed url string will be modified if encoding is required or returns the url unchanged if not. The implementation of these two methods are vendor specific, but the intention of these methods are to add the jsessionid as one of the parameter to the given url. The way jsessionid added to the url can be vendor specific, the only restriction is the name of the parameter should be "jsessionid". I hope you are satisfied with the explanation.