aspose file tools*
The moose likes Servlets and the fly likes wich session tracking techniwue to use Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "wich session tracking techniwue to use" Watch "wich session tracking techniwue to use" New topic
Author

wich session tracking techniwue to use

ramana gonind
Greenhorn

Joined: May 20, 2008
Posts: 10
which session tracking we have to use,in which situation we have to go for http session,cookies,url rewriting and hidden form fields.Can anybody explain me in detail
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336


http session,cookies,url rewriting

These are essentially the same thing. Both cookies and URL Rewriting are mechanisms used to support the HTTPSession. You use cookies or URL Rewriting depending on what the browser is configured to support. Its good practice to ensure your application supports both.

Persistent cookies (i.e. those that appear as files on the client's machine) are a different matter. These are nothing to do with the HTTPSession. You would use these to track more long term data. For example, if you come accross a site that has a "remember me" option that pre-fills the username field of the login screen (as for example Amazon does) this is probably implemented using a cookie. You should not store any data in this sort of cookie that is in any way sensitive.


JavaRanch FAQ HowToAskQuestionsOnJavaRanch
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

Originally posted by Paul Sturrock:

Both cookies and URL Rewriting are mechanisms used to support the HTTPSession.


Hi Paul Sturrock,

sorry i have some doubt that
-------------------------------------------------------
whether it support HTTPSession or session ID
--------------------------------------------------------
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Sorry, I don't understand your question. Whether what supports HTTPSession and session ID?
subodh gupta
Ranch Hand

Joined: Jul 23, 2007
Posts: 203
hi paul if we have to store the password in the remember me functionality what should we do or what's the alternative for the same


http://subodh-gupta.blogspot.com
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

If it were me, I'd argue with whoever set the requirements to change them. You can set anything you like in a cookie within reason. It whether you should that is the issue.

If their driver is that they don't want people to have to enter security credentials to access a secure resource, I'd point them at "pass through" authentication instead.
[ September 11, 2008: Message edited by: Paul Sturrock ]
sreedhar Lackka
Ranch Hand

Joined: Jul 05, 2008
Posts: 154
Subodh,
Why dont you encrypt your information?
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

Originally posted by Paul Sturrock:
Sorry, I don't understand your question. Whether what supports HTTPSession and session ID?


Hi sorry paul yesterday i left to the home early...


my question is Cookies and url rewriting are just passing the session-id (JSESSIONID=0aaaddyyccbb) between client and server right? and

i think
HttpSession is different used to create the session-id

please correct me if i am wrong
[ September 11, 2008: Message edited by: seetharaman venkatasamy ]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: wich session tracking techniwue to use