jQuery in Action, 2nd edition*
The moose likes Servlets and the fly likes Is there a standard for cookie names used for session IDs? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Is there a standard for cookie names used for session IDs?" Watch "Is there a standard for cookie names used for session IDs?" New topic
Author

Is there a standard for cookie names used for session IDs?

Jay Howard
Greenhorn

Joined: Mar 01, 2005
Posts: 6
Tomcat uses "JSESSION", IIS uses "ASPSESSIONID", etc.

How does a browser know which cookie names to treat as session IDs, i.e. which ones it should send back with subsequent requests?
Nathaniel Stoddard
Ranch Hand

Joined: May 29, 2003
Posts: 1258
The browser doesn't know, nor care, about what version or type of server the pages are being fetched from. The browser will send all cookies it has (for the server) to the server each time a page is fetched. That way the server is guaranteed to get back the cookie it needs to do session management.

As you can see, the session ID cookie name differs for different web servers.


Nathaniel Stodard<br />SCJP, SCJD, SCWCD, SCBCD, SCDJWS, ICAD, ICSD, ICED
Jay Howard
Greenhorn

Joined: Mar 01, 2005
Posts: 6
The browser doesn't know, nor care, about what version or type of server the pages are being fetched from. The browser will send all cookies it has (for the server) to the server each time a page is fetched. That way the server is guaranteed to get back the cookie it needs to do session management.

In IE, at least, there's an option in Privacy->Advanced to "Always allow session cookies". So I thought it must have some criteria built in for recognizing which cookies are session cookies and which aren't. It must also have some method for determining which cookies it should keep around after closing...
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Is there a standard for cookie names used for session IDs?
 
Similar Threads
configure tomcat or apache to share a common session
HttpSession
Session tracking (via session object) Problem
New session created when submitting to a action class from JSP
Difference between Cookies and Session in servlets