The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Confused by session management. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Confused by session management." Watch "Confused by session management." New topic

Confused by session management.

Zhixiong Pan
Ranch Hand

Joined: Jan 25, 2006
Posts: 239
Hi ranchers,
Because of the lack experience, I am not able to understand session management well. Here is an coding example, and I was trapped in some steps. Please give me some advices.
1. Copy the web.xml deployment descriptor from Exercise 4-1. You'll recall that this
declared the SessionDisplayer servlet.
2. Change each occurrence of SessionDisplayer (name of servlet, name of class,
URL pattern for mapping) to SessionDisplayer2.
Update the SessionDisplayer2 Servlet
3. Copy the Java source file for SessionDisplayer.Java from ex0402/WEBINF/
classes (or its appropriate package directory) to ex0402/WEB-INF/classes (or
appropriate package directory), and rename it to SessionDisplayer2 (make sure
the class declaration reflects this as well).
4. In the code�if you haven't done so already�put an "href" link that recalls this
same SessionDisplayer2 servlet. Encode the URL using the appropriate
HttpServletResponse method.
5. In the web page, display some text that shows whether the session came from the
JSESSIONID cookie or from the URL.
6. Optionally, use the request's get Cookies method to get hold of the
JSESSIONID cookie, and display all the attributes of the cookie that you can on
the web page.
Run the Updated SessionDisplayer2 Servlet
7. Deploy and run the servlet, using a URL such as
9. You're most likely to find that your browser uses cookies as the session
mechanism. To test out the URL redirection method, try turning off cookies
altogether in your browser�or target the domain where your web server (Tomcat)
is running, usually localhost /, and turn off cookies for that. Ensure that
you restart your browser before expecting URLs to be used instead of cookies.
10. The screen print below shows part of the output from the solution code, when the
session information is delivered through the JSESSIONID cookie.

I have prepared SessionDisplayer, and not clear about how to realize step 4 and 5 and its purpose. Thank you.

Christophe Verré

Joined: Nov 24, 2005
Posts: 14688

4. HttpServletResponse has methods called encodeURL and encodeRedirectURL, depending on what you want to do. Purpose : support for url rewriting (session tracking mechanism)
5. HttpServletRequest has a method called getKookies() where you can check if the JSESSIONID cookie is present. Purpose : determine which session tracking mechanism is being used.

You should read something about "Session Tracking Mechanisms" for servlets.

NOTE : I had to rename the getKookie method otherwise I could not post. It should be "C" instead of "K"
[ March 23, 2007: Message edited by: Satou kurinosuke ]

[My Blog]
All roads lead to JavaRanch
Zhixiong Pan
Ranch Hand

Joined: Jan 25, 2006
Posts: 239
Hi Satou,
Glad to hear your voice again
I programmed as following:

Can I summarize that encodeURL will always create a cookie?Thank you.
NOTE : I also renamed the getKookie method.
arun shanmugam kumar

Joined: Apr 02, 2005
Posts: 25
Acording to servlet specs and HFSJ:

The container prepares and send both cookie and url rewriting mechanisms to client side to track session.

From the second time onwards

If browser disables cookie then container uses url rewriting, only if encodeURL method is used to encode the url, to track the subsequent requests.

If browser accepts cookie then cookies are used instead of url rewriting.
I agree. Here's the link:
subject: Confused by session management.
It's not a secret anymore!