| Author |
Cookies and HTTPSession
|
Andy Hahn
Ranch Hand
Joined: Aug 31, 2004
Posts: 225
|
|
I have a question regarding HTTPSession and cookies. I understand that the HTTPSession creates a cookie that contains the jsessionid and places it onto the client's machine (as a non-persistent cookie) behind the scenes. So, what if the client has cookies disabled in the browser? Does that mean that the user cannot use a session.
If this were the case, what would the following code return?
HTTPSession session = request.getSession();
Thanks!
|
 |
Steve McCann
Ranch Hand
Joined: Oct 20, 2004
Posts: 81
|
|
Hi Andy
The HttpSession does not create cookies. You can usually configure the server to use cookies to keep track of sessions but if you want to use them you need to create one using code and place it in the Response (or HttpServletResponse). Nothing to do with the Session.
Steve
[ November 01, 2005: Message edited by: Steve McCann ]
|
|
Bear Bibeault
Author and ninkuma
Marshal
Joined: Jan 10, 2002
Posts: 56183
|
|
but if you want to use them you need to create one using code
Completely incorrect. In order for the container to keep track of sessions using cookies you need do absolutely nothing in the code.
In the case where cookies are disabled in a browser, sessions can be tracked using URL-rewriting which places the session key on the URLs for tracking.
|
[Smart Questions] [JSP FAQ] [Books by Bear] [Bear's FrontMan] [About Bear]
|
|
Steve McCann
Ranch Hand
Joined: Oct 20, 2004
Posts: 81
|
|
Completely incorrect. In order for the container to keep track of sessions using cookies you need do absolutely nothing in the code.
Sorry - I don't think I explained what I meant very clearly. I was thinking in terms of a specific use for your app not to track sessions.
Steve
|
|
Steve McCann
Ranch Hand
Joined: Oct 20, 2004
Posts: 81
|
|
...and my comment about using them in your app is completely irrevelant to the original question.
Appologies for the waffle.
:roll:
Steve
[ November 02, 2005: Message edited by: Steve McCann ]
|
|
Bosun Bello
Ranch Hand
Joined: Nov 06, 2000
Posts: 1506
|
|
As mentioned by Ben, the Httpsession actually uses cookies to implement session tracking. And, you are correct, it creates a cookie that contains the jsessionid and places it onto the client's machine. If the client disables cookies, it will try to USE URL rewriting. I said try because, you servlet has to actually code for URL rewriting by encoding any URL�s generated within the servlet. Which will append the session key to the end of the URL. The point is URL rewriting is not automatic. I hope this makes a little bit of sense 
|
Bosun (SCJP, SCWCD)
So much trouble in the world -- Bob Marley
|
|
Andy Hahn
Ranch Hand
Joined: Aug 31, 2004
Posts: 225
|
|
|
Thanks everyone. It makes total sense.
|
|
 |
|
|
subject: Cookies and HTTPSession
|
|
|
0
