The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Doubts on Cookie.. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Doubts on Cookie.." Watch "Doubts on Cookie.." New topic
Author

Doubts on Cookie..

Micheal John
Ranch Hand

Joined: Nov 01, 2006
Posts: 344
Hi all,

I have a small doubt regarding the Cookies. pls advice whether the below mentioned steps are correct..

1. First we are getting the session (new/existing) by using HttpSession session = request.getSession();

2. On requesting the getSession() to the container, the container will create a unique session id and make a new cookie object and assoicate the session id with the cookie and send it back to the client.

My doubts starts from here:

3. The client can accept/reject the cookie. If the cookie is disabled in the browser then the client can't get the cookie. Since the cookie is not received by the client, there will be any notification to the container about this..?

4. If not,i.e. container is not aware/care about whether the cookie is got by the client, then the client is sending the request, which is the continuation of first one and how the container knows whether it is the continuation and not a new request..?

I am strucking some where..pls advice on it..
[ January 06, 2007: Message edited by: Micheal John ]

Micheal John
SCJP 1.4 (86%), SCWCD 1.4 (86%), SCBCD 1.3 (85%), SCDJWS (Just Started...) - Satisfaction Lies in Our EFFORT, Not in the ATTAINMENT
Joe Harry
Ranch Hand

Joined: Sep 26, 2006
Posts: 9618
    
    2

Michael,

Look at page 236 of the HFSJ under the Question that starts line "wait a minute...how DOES the Container know that cookies aren't working?...." There is a wonderful explanation for this over here.


SCJP 1.4, SCWCD 1.4 - Hints for you, Certified Scrum Master
Did a rm -R / to find out that I lost my entire Linux installation!
Sanjeev Ba
Ranch Hand

Joined: Dec 31, 2006
Posts: 40

Hi John,
Regd. your question.
"3. The client can accept/reject the cookie. If the cookie is disabled in the browser then the client can't get the cookie. Since the cookie is not received by the client, there will be any notification to the container about this..?"

NO. If the client's browser does not accept cookies, the browser will ignore the Set-Cookie header which our container sent in its response. However, the container is not notified about whether the client browser accepted the cookies or not. Which is the reason why we have URL rewriting and hidden form field mechanisms, that will ensure that the client sends the cookie irrespective of whether the browser supports cookies or not.


Your next question was :
"4. If not,i.e. container is not aware/care about whether the cookie is got by the client, then the client is sending the request, which is the continuation of first one and how the container knows whether it is the continuation and not a new request..?"


As mentioned earlier, the container would not know, if it is a new session or an existing one, unless it does URL rewriting or uses hidden form fields in its response. If the client browser, does not support Cookies and the Container does not use URL rewriting or hidden form fields, then managing sessions is going to be very very difficult.


For more details refer to.
http://www.webperformanceinc.com/support/load_testing/manual/Session_Tracking.html

Hope this helps.
Regards
Sanjeev
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Doubts on Cookie..