Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Is there a standard for cookie names used for session IDs?

 
Jay Howard
Greenhorn
Posts: 6
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tomcat uses "JSESSION", IIS uses "ASPSESSIONID", etc.

How does a browser know which cookie names to treat as session IDs, i.e. which ones it should send back with subsequent requests?
 
Nathaniel Stoddard
Ranch Hand
Posts: 1258
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The browser doesn't know, nor care, about what version or type of server the pages are being fetched from. The browser will send all cookies it has (for the server) to the server each time a page is fetched. That way the server is guaranteed to get back the cookie it needs to do session management.

As you can see, the session ID cookie name differs for different web servers.
 
Jay Howard
Greenhorn
Posts: 6
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The browser doesn't know, nor care, about what version or type of server the pages are being fetched from. The browser will send all cookies it has (for the server) to the server each time a page is fetched. That way the server is guaranteed to get back the cookie it needs to do session management.

In IE, at least, there's an option in Privacy->Advanced to "Always allow session cookies". So I thought it must have some criteria built in for recognizing which cookies are session cookies and which aren't. It must also have some method for determining which cookies it should keep around after closing...
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic