File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes HttpSession when cookies are disabled Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "HttpSession when cookies are disabled" Watch "HttpSession when cookies are disabled" New topic

HttpSession when cookies are disabled

kanchan ganu

Joined: Jan 29, 2003
Posts: 2
I have a question onthe functioning of HttpSession Object of servlet api
I believe it uses cookies to manage session, my question is how HttpSession handles session when cookies are disabled in the browser.
Is there a specific solution to this in struts framework?
Is the behaviour of HttpSession will be same on all the webservers if cookies are disabled.
I think there is some setting needs to be done in websphere to use URLRewriting if cookies are disabled. But I am not sure if it true for all web servers.
Please help me understand this.
Thanks & Regards
Sudd Ghosh
Ranch Hand

Joined: Oct 23, 2002
Posts: 187
In Tomcat, you only have to use the following HttpServletResponse method:
public java.lang.String encodeURL(java.lang.String url)
This will encode the URL with the jsessionid only if encoding is needed (ie, it doesn't support cookies, etc..). For sendRedirect(), use encodeRedirectURL().
Thnaks, Sudd

kanchan ganu

Joined: Jan 29, 2003
Posts: 2
Hi Ghosh,
Thanks for ur reply.
I have a question now, if we should always use encodeURL for every url and encodeRedirectURL() for sendRedirect()
or we should check if cookies are disabled then only use thse methods.
also is there any specific method in servlet API to check if cookies are enabled or not?
Mike Curwen
Ranch Hand

Joined: Feb 20, 2001
Posts: 3695

It's a good idea to always use the encoding methods for *every* URL that is emitted by both your servlets and JSPs. As the API says, they will not bother re-writing URLS if the browser supports cookies, so you have nothing to loose by using them all the time (and lots to gain).

As for checking if cookies are enabled, the only way to do this is to try to set a cookie and on the next request, see if you can retrieve the cookie.
I agree. Here's the link:
subject: HttpSession when cookies are disabled
It's not a secret anymore!