Two Laptop Bag*
The moose likes Servlets and the fly likes About sending session ID Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "About sending session ID" Watch "About sending session ID" New topic
Author

About sending session ID

Goran Markovic
Ranch Hand

Joined: Sep 26, 2008
Posts: 399
Hi, I was wondering, should I performed URL rewriting on any link on the the page, that user could click, so sessionid will be sent to my servlet, or cookies do this job ok?
In other words, should I perform URL rewriting constantly, considering that cookies can be disabled by user? Or disabling cookies isn't so frequent that could affect whole "page user population" corruption.
Thanks
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

Originally posted by Slobodan Erakovic:
should I perform URL rewriting constantly


As far i know ,it is better
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41096
    
  44
Or disabling cookies isn't so frequent

That's impossible to say in general. You'll need to make a decision whether you can afford to require people to use cookies (and thus not support URL rewriting). Requiring cookies will undoubtedly cause some people not to use the application if they have a choice in that matter.


Ping & DNS - my free Android networking tools app
Goran Markovic
Ranch Hand

Joined: Sep 26, 2008
Posts: 399
Ok, so you suggests that each url should be encoded(rewritten) at first place, either if it pointing at .jsp or servlets?
[ December 04, 2008: Message edited by: Slobodan Erakovic ]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41096
    
  44
That's what seetharaman suggests; I suggest to make a conscious decision if you need to do that.
Goran Markovic
Ranch Hand

Joined: Sep 26, 2008
Posts: 399
Well, yes You have right. 'cause, I'm thinking something, It's really a huge job, to rewrite each url in the web apps... Maybe just one of these which are of interest in the user tracking? I mean, if some link lead to some storage place, for file downloading and we do not need anything to know (like number of downloads), we shall not rewrite that links. Just a one which track the user.
Goran Markovic
Ranch Hand

Joined: Sep 26, 2008
Posts: 399
I have one more question about session. Do I need in the each servlet of the web app, to use to maintain user tracking? Isn't it?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41096
    
  44
No, you only need that if you want to access the session object. Once the session is created, the servlet container manages it for you.
Goran Markovic
Ranch Hand

Joined: Sep 26, 2008
Posts: 399
Aha, so I use session creation, only in the "entrance servlets" of my application, right?
[ December 04, 2008: Message edited by: Slobodan Erakovic ]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41096
    
  44
Correct, after the user has been authenticated.
Goran Markovic
Ranch Hand

Joined: Sep 26, 2008
Posts: 399
Ok. I appreciate your help.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: About sending session ID
 
Similar Threads
Session for static pages
Question about URL rewriting
Shopping carts and sessions and cookies, oh my!
Enthruware url rewriting question
Risk on session tracking