HttpSession API for Session Management

 
Nijeesh Balan
Ranch Hand
Posts: 116
Hi All,
We are using the HttpSession API for session management (i.e., request.getSession(), etc.).
Now, the questions are:
1. How is the session managed? Is it through cookies?
2. In WebSphere, under Services->Session Manager Service, we have the option of choosing Cookies or URL rewriting for session management. Say, if I choose both, then if the client disables cookies in the browser, will it still work?
Please clarify these queries ASAP.
Thanks & Regards,
Nijeesh.
 
Sam Wang
Ranch Hand
Posts: 95
Cookies or URL rewriting for session management is transparent to the developer and user in J2EE. If the browser has cookies disabled, then URL rewriting will be used, but only one is used at a time, not both.
Is anything wrong with my opinion?
 
Mike Curwen
Ranch Hand
Posts: 3695
Session management will still work if the client refuses cookies, but only if you make sure all of your URLs (in both JSP and servlets) are run through the encodeURL() method of the HttpServletResponse object.

From the API:
For robust session tracking, all URLs emitted by a servlet should be run through this method.
Otherwise, URL rewriting cannot be used with browsers which do not support cookies.
 
It is sorta covered in the JavaRanch Style Guide.
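
The encodeURL() behaviour described in the replies above, as an added example that is not part of the original thread. The servlet name, its assumed /counter mapping, the "hits" attribute and the "reset" parameter are hypothetical; only the javax.servlet calls are the real API.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet, assumed to be mapped to /counter in web.xml.
public class CounterServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        HttpSession session = request.getSession();   // creates the session on first visit
        String self = request.getContextPath() + "/counter";   // assumed mapping

        if ("1".equals(request.getParameter("reset"))) {
            session.removeAttribute("hits");
            // Redirect targets go through encodeRedirectURL(), not encodeURL().
            response.sendRedirect(response.encodeRedirectURL(self));
            return;
        }

        // Per-session hit counter: it only increases when the container can
        // match each request to the same session.
        Integer hits = (Integer) session.getAttribute("hits");
        hits = (hits == null) ? 1 : hits + 1;
        session.setAttribute("hits", hits);

        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        out.println("<html><body>");
        out.println("<p>Hits in this session: " + hits + "</p>");
        out.println("<p>Session id from cookie: " + request.isRequestedSessionIdFromCookie()
                + ", from URL: " + request.isRequestedSessionIdFromURL() + "</p>");
        // encodeURL() adds the session id to the URL only when the container
        // decides the client needs it; otherwise the URL is returned unchanged.
        out.println("<a href=\"" + response.encodeURL(self) + "\">reload (encoded)</a><br>");
        out.println("<a href=\"" + response.encodeURL(self + "?reset=1") + "\">reset (encoded)</a><br>");
        // Not encoded: with cookies disabled, this link carries no session id,
        // so the container creates a new session and the counter restarts at 1.
        out.println("<a href=\"" + self + "\">reload (not encoded)</a>");
        out.println("</body></html>");
    }
}
```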