Meaningless Drivel is fun!*
The moose likes Servlets and the fly likes cookies,encodeUrl,jsessionid confusion Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "cookies,encodeUrl,jsessionid confusion" Watch "cookies,encodeUrl,jsessionid confusion" New topic
Author

cookies,encodeUrl,jsessionid confusion

aleem khan
Ranch Hand

Joined: Aug 07, 2008
Posts: 94
Hi all,

I am really confused with all three concepts , looked into various tutorials etc but each one is contradicting
Hence i am compiling questions
1)For managing session does user has to explicitly do encodeUrl if cookies are turned off by browser?
2)In some of the tutorials i came to know user doesn't have to do anything the server will
gerneate jsessionId automatically and server will send that to browser , user doesn't need to do anything
he has to only call this HttpSession.getSession(true);

3)If server is maintaining the session automatically then why we have
concepts like Cookie.addCokie() or encodeURL . It is better we can leave this to server
automatically which will generate and jsession id

4) Please some one tell the exact steps which a developer has to do so that he can maintain session even when cookies are turned off
Balu Sadhasivam
Ranch Hand

Joined: Jan 01, 2009
Posts: 874

1)For managing session does user has to explicitly do encodeUrl if cookies are turned off by browser?


Yes , expilicty call the response encodeURL method for all the page links if you want to handle cookies disabled browser clients too
2)In some of the tutorials i came to know user doesn't have to do anything the server will
gerneate jsessionId automatically and server will send that to browser , user doesn't need to do anything
he has to only call this HttpSession.getSession(true);


Its partially true , i guess you dint read the before or after para of this in the referred tutorials. The user has to do "encodeURL" and everything else like adding sessionID , checking for cookies header are taken by the container. Thats what they meant by above.

3)If server is maintaining the session automatically then why we have
concepts like Cookie.addCokie() or encodeURL . It is better we can leave this to server
automatically which will generate and jsession id


Cokies does not only contain sessionID , Cookie.addCookie can be used to store some useful informations in the Client , say the preferences of the Client and when next time the client reaches server , server would load the Client preferences without ever asking the CLient again.


Its safe to use encodeURL method for all links as you never which client has restricted browser settings. But if you opt for cookies instead encodeURL , then instruct/alert the user to turn on the cookies before user can say Login or register.
aleem khan
Ranch Hand

Joined: Aug 07, 2008
Posts: 94
Thanks

So in general
1)use cookie if you want to have user preference along with session management
2)use encodeURL if cookie is turned off (basically by checking if cookie is present)

Hence developers have to only keep these 2 things in mind
addcookie(if i want preference) and encodeURL , rest all is done by server


I was under impression that we have to get jsessionid from server and then append them
with cookie and then append them with URL (encodeURL).

Thanks for your clarification
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: cookies,encodeUrl,jsessionid confusion
 
Similar Threads
Session Management
Do I need to "add" encodeURL for "action" tag in this case ?
64 bit jsessionid in Struts
Session Tracking
a question about sessions ...