File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JSP and the fly likes Sessions without cookies possible? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "Sessions without cookies possible?" Watch "Sessions without cookies possible?" New topic

Sessions without cookies possible?

Robert Jaeger
Ranch Hand

Joined: Apr 29, 2002
Posts: 62
I am planning to use Apache 2/Tomcat 4 for a web project for my thesis.
One important fact is that I have to control user sessions without using cookies.
During the whole visit on the webpage I want to control the user�s language selection. Moreover, if the user has logged in, I want to store some more values (his rights, country, ...) in the session.
Which possibilities do I have?
I read about url-encoding, but I think that is a lot of work (I have to encode every link, submit button, ...!).
I could use JavaBeans to store formular field values, but not every page has a formular.
Do I need to create for every session a file or database entry to save user parameters and values there or can I save them in the session?
How can I get access to user information on every webpage(sessionid, language selection, login time, inactive time, country, rights, ...) without using cookies?
I am a Tomcat/Java/JSP beginner, but interested in using this technology for my project (I think it is very powerful), so if somebody has a good idea I would be very happy!
Hope someone can help me, thanks in advance,
Robert J�ger
Jessica Sant

Joined: Oct 17, 2001
Posts: 4313

I think urlEncode() is your best solution -- it will take care of all that stuff for you (SessionId, Timeout, etc). Basically if cookies aren't enabled, it will simply tack on the JSESSIONID parameter onto the URL, and then the appserver will use that as the session identifier.
Plus... adding urlEncode to each of your links is going to be a lot easier than developing your own session management (more portable that way too if you decide to go to an enterprise application server).
[ June 23, 2002: Message edited by: Jessica Sant ]

- Jess
Blog:KnitClimbJava | Twitter: jsant | Ravelry: wingedsheep
Robert Jaeger
Ranch Hand

Joined: Apr 29, 2002
Posts: 62
Thanks for your advice! I will use this solution!
Greetings from Vienna,
Robert Jaeger
Randall Twede
Ranch Hand

Joined: Oct 21, 2000
Posts: 4351

way to go...i felt real bad telling them they need cookies enabled to get in

Visit my download page
Anthony Villanueva
Ranch Hand

Joined: Mar 22, 2002
Posts: 1055
You can also use hidden form fields.
I agree. Here's the link:
subject: Sessions without cookies possible?
It's not a secret anymore!