Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Doubts on Cookie..

 
Micheal John
Ranch Hand
Posts: 344
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

I have a small doubt regarding the Cookies. pls advice whether the below mentioned steps are correct..

1. First we are getting the session (new/existing) by using HttpSession session = request.getSession();

2. On requesting the getSession() to the container, the container will create a unique session id and make a new cookie object and assoicate the session id with the cookie and send it back to the client.

My doubts starts from here:

3. The client can accept/reject the cookie. If the cookie is disabled in the browser then the client can't get the cookie. Since the cookie is not received by the client, there will be any notification to the container about this..?

4. If not,i.e. container is not aware/care about whether the cookie is got by the client, then the client is sending the request, which is the continuation of first one and how the container knows whether it is the continuation and not a new request..?

I am strucking some where..pls advice on it..
[ January 06, 2007: Message edited by: Micheal John ]
 
Joe Harry
Ranch Hand
Posts: 10106
3
Eclipse IDE Mac PPC Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Michael,

Look at page 236 of the HFSJ under the Question that starts line "wait a minute...how DOES the Container know that cookies aren't working?...." There is a wonderful explanation for this over here.
 
Sanjeev Ba
Ranch Hand
Posts: 40
Android Chrome Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi John,
Regd. your question.
"3. The client can accept/reject the cookie. If the cookie is disabled in the browser then the client can't get the cookie. Since the cookie is not received by the client, there will be any notification to the container about this..?"

NO. If the client's browser does not accept cookies, the browser will ignore the Set-Cookie header which our container sent in its response. However, the container is not notified about whether the client browser accepted the cookies or not. Which is the reason why we have URL rewriting and hidden form field mechanisms, that will ensure that the client sends the cookie irrespective of whether the browser supports cookies or not.


Your next question was :
"4. If not,i.e. container is not aware/care about whether the cookie is got by the client, then the client is sending the request, which is the continuation of first one and how the container knows whether it is the continuation and not a new request..?"


As mentioned earlier, the container would not know, if it is a new session or an existing one, unless it does URL rewriting or uses hidden form fields in its response. If the client browser, does not support Cookies and the Container does not use URL rewriting or hidden form fields, then managing sessions is going to be very very difficult.


For more details refer to.
http://www.webperformanceinc.com/support/load_testing/manual/Session_Tracking.html

Hope this helps.
Regards
Sanjeev
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic