Container sees that you called request.getSession()on the FIRST request and realizes that it needs to start a new session with this client, the container sends the response with both a "Set-Cookie" header for the session ID, and the session ID appended to the URLs (assuming you used response.encodeURL())
let us consider that this client accepts cookies.
Now my doubt is whether the SECOND request from this client contains cookies as part of its request or jsessionid will also be appended to the URL or both?
I have one more question with me?
Some banking websites such as www.icicibank.com, MUST encode URL, despite end-user accepts cookies or not. How one can encode URL even when end user supports cookies as container may not want to set cookies because of security constraints?
Bosun (SCJP, SCWCD)
So much trouble in the world -- Bob Marley
Joined: Aug 13, 2007
So you mean to say that, for the second request to the server, session id will be appended to URL AND the session will be enclosed in cookies too. When the container receives this request, it will check whether the end user accepts cookies or not. But how could the container know that the end user is accepting cookies? Because when the container uses request.getSession() it's going to get session id either from URL or from inside cookie. There by it can not say where it is coming from?
My another question is...
Do we have separate pages/coding for same application which accepts cookies and which not accepts cookies?
If there is a requirment where one MUST has to overwrite URL even the end user accepts cookies, can we accomplish this? If so, could you please tell me?
You appear confused when you say >> Because when the container uses request.getSession() it's going to get session id either from URL or from inside cookie. << Container is the one implementing getSession. The web application residing in the container uses it.