This week's book giveaway is in the General Computing forum. We're giving away four copies of Arduino in Action and have Martin Evans, Joshua Noble, and Jordan Hochenbaum on-line! See this thread for details.
Hi all I have read the servlet specifications and there are a few points I'm quite confused regarding session. From what I have read, it seem that to support session management, you can do either (1) cookies or (2) url rewriting e.g. http://...;jsessionid=1234. Normally when we need to get/create a session, we need to use something like HttpServletRequest.getSession(); within the servlet. Does this method still works if the site is http (not https) without the above rewritting ? I thought it should not be working as http is a stateless protocol ? I have created a small servlet using the getSession() and it worked. Is this due to cookies or the browser handles the jessionid automatically ? Thanks in advance.
http is stateless, that is why you "add" statefulness with cookies or URL re-writing. https is stateful so you dont need (in theory) cookies or URL re-writing -- the protocol itself does all that. In practice you dont normally need to worry about it, as the app-server should handle it all for you transparently.
If your browser doesn't support cookies, then URL re-writing is what needs to be done. The session id is then writen into all URLs emmited by your servlet or JSP's.
So the bottom line is, sessions in JSP/Servlet land are *actually* identified by a jsessionid cookie. If a particular client doesn't allow cookies, then this id needs to be written into the URL.
I agree. Here's the link: http://ej-technologies/jprofiler - if it wasn't for jprofiler, we would need to
run our stuff on 16 servers instead of 3.
0
