Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

wich session tracking techniwue to use

 
ramana gonind
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
which session tracking we have to use,in which situation we have to go for http session,cookies,url rewriting and hidden form fields.Can anybody explain me in detail
 
Paul Sturrock
Bartender
Posts: 10336
Eclipse IDE Hibernate Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

http session,cookies,url rewriting

These are essentially the same thing. Both cookies and URL Rewriting are mechanisms used to support the HTTPSession. You use cookies or URL Rewriting depending on what the browser is configured to support. Its good practice to ensure your application supports both.

Persistent cookies (i.e. those that appear as files on the client's machine) are a different matter. These are nothing to do with the HTTPSession. You would use these to track more long term data. For example, if you come accross a site that has a "remember me" option that pre-fills the username field of the login screen (as for example Amazon does) this is probably implemented using a cookie. You should not store any data in this sort of cookie that is in any way sensitive.
 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Java Windows XP
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Paul Sturrock:

Both cookies and URL Rewriting are mechanisms used to support the HTTPSession.


Hi Paul Sturrock,

sorry i have some doubt that
-------------------------------------------------------
whether it support HTTPSession or session ID
--------------------------------------------------------
 
Paul Sturrock
Bartender
Posts: 10336
Eclipse IDE Hibernate Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorry, I don't understand your question. Whether what supports HTTPSession and session ID?
 
subodh gupta
Ranch Hand
Posts: 203
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi paul if we have to store the password in the remember me functionality what should we do or what's the alternative for the same
 
Paul Sturrock
Bartender
Posts: 10336
Eclipse IDE Hibernate Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If it were me, I'd argue with whoever set the requirements to change them. You can set anything you like in a cookie within reason. It whether you should that is the issue.

If their driver is that they don't want people to have to enter security credentials to access a secure resource, I'd point them at "pass through" authentication instead.
[ September 11, 2008: Message edited by: Paul Sturrock ]
 
sreedhar Lackka
Ranch Hand
Posts: 154
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Subodh,
Why dont you encrypt your information?
 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Java Windows XP
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Paul Sturrock:
Sorry, I don't understand your question. Whether what supports HTTPSession and session ID?


Hi sorry paul yesterday i left to the home early...


my question is Cookies and url rewriting are just passing the session-id (JSESSIONID=0aaaddyyccbb) between client and server right? and

i think
HttpSession is different used to create the session-id

please correct me if i am wrong
[ September 11, 2008: Message edited by: seetharaman venkatasamy ]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic