wood burning stoves 2.0*
The moose likes Servlets and the fly likes encodeURL Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "encodeURL" Watch "encodeURL" New topic


sitaram irrinki
Ranch Hand

Joined: Feb 16, 2005
Posts: 158
When cookies are disabled on the browser, the Set-Cookie header sent by the Container will be ignored by the browser. But when the cookie with JSessionId is generated by the container , can't we get that id (using application.log() or System.out.println(session.getId()) and can't we manually type this id after the url (Like http://localhost:7001/app/two;JSessionId=-----------) without using URL rewriting technique. I have read this is not allowed and anyhow the end user will not be able to do this.
I agree. Here's the link: http://aspose.com/file-tools
subject: encodeURL
Similar Threads
disable jsession id
jsessionid in URL
Session management ambiguity
Confusion between Cookie and JSession
Session and cookies