• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

HttpSession when cookies are disabled

 
kanchan ganu
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hey
I have a question onthe functioning of HttpSession Object of servlet api
I believe it uses cookies to manage session, my question is how HttpSession handles session when cookies are disabled in the browser.
Is there a specific solution to this in struts framework?
Is the behaviour of HttpSession will be same on all the webservers if cookies are disabled.
I think there is some setting needs to be done in websphere to use URLRewriting if cookies are disabled. But I am not sure if it true for all web servers.
Please help me understand this.
Thanks & Regards
San
 
Sudd Ghosh
Ranch Hand
Posts: 187
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In Tomcat, you only have to use the following HttpServletResponse method:
public java.lang.String encodeURL(java.lang.String url)
This will encode the URL with the jsessionid only if encoding is needed (ie, it doesn't support cookies, etc..). For sendRedirect(), use encodeRedirectURL().
Thnaks, Sudd
 
kanchan ganu
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ghosh,
Thanks for ur reply.
I have a question now, if we should always use encodeURL for every url and encodeRedirectURL() for sendRedirect()
or we should check if cookies are disabled then only use thse methods.
also is there any specific method in servlet API to check if cookies are enabled or not?
Thanks
Sanjiv
 
Mike Curwen
Ranch Hand
Posts: 3695
IntelliJ IDE Java Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It's a good idea to always use the encoding methods for *every* URL that is emitted by both your servlets and JSPs. As the API says, they will not bother re-writing URLS if the browser supports cookies, so you have nothing to loose by using them all the time (and lots to gain).

As for checking if cookies are enabled, the only way to do this is to try to set a cookie and on the next request, see if you can retrieve the cookie.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic