File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes HttpSession API for Session Management Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "HttpSession API for Session Management" Watch "HttpSession API for Session Management" New topic

HttpSession API for Session Management

Nijeesh Balan
Ranch Hand

Joined: Oct 09, 2000
Posts: 116
Hi All,
We are using HttpSession API for session management. (i.e) request.getSession( ) etc., etc.,
Now, the question is
1. How is the session managed? Is it through the cookies?
2. In WebSphere under Services->Session Manager Service we have the options of choosing Cookies or URL-rewriting for session Management. Say, If I choose both, then if the client disables the cookies in the browser will it still work?
Please clarify these queries ASAP.
Thanks & Regards,

Thanks & Regards,<br />Nijeesh.
Sam Wang
Ranch Hand

Joined: Jul 17, 2001
Posts: 95
Cookies or URL-rewriting for session Management
is transparent to developer and user in J2EE.
If browser is disable cookie,then URL-rewriting
will be used,but one time only one is be used,not
Any wrong with my opinion?

Mike Curwen
Ranch Hand

Joined: Feb 20, 2001
Posts: 3695

Session management will still work if the client refuses cookies.. but only if you make sure all of your URLS (in both JSP and servlets) are run through the encodeURL() method of the HttpServletResponse object.

From the API:
For robust session tracking, all URLs emitted by a servlet should be run through this method.
Otherwise, URL rewriting cannot be used with browsers which do not support cookies.
I agree. Here's the link:
subject: HttpSession API for Session Management
It's not a secret anymore!