We are using an out-of-box web application developed in Java.I do not have access to the code. I was checking how the applications maintains it state.
This is what i did:
I turned off the cookies, logged into the application, copied the url (along with sessionid) in a new browser and was able to get the maintain the session.
But with cookies turned on; When i log in to the application,the url,has tag like /app?service=external/AdminDimension&sp=1&sp=2which tells the page in the application.
I copied the url and pasted in a new browser, it goes the specified page, but when you click on the other tabs, it says login has expired.
One thing i cannot get is why with cookies, i cannot keep the state in different with url-rewriting i am able to do that.
As per Maha anna posting
"URLRewring is nothing but 'get the jsessionid from URL itself' kind of (NOT from cookie). What it really means is when you make a request to the web appln you APPEND the extra jsessionid info in the URL itself so that the web application can know which session belongs to this particular user. "
Can you restrict the cookies on be restricted to one instance of browser or what ?