• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

cookies,encodeUrl,jsessionid confusion

 
aleem khan
Ranch Hand
Posts: 94
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

I am really confused with all three concepts , looked into various tutorials etc but each one is contradicting
Hence i am compiling questions
1)For managing session does user has to explicitly do encodeUrl if cookies are turned off by browser?
2)In some of the tutorials i came to know user doesn't have to do anything the server will
gerneate jsessionId automatically and server will send that to browser , user doesn't need to do anything
he has to only call this HttpSession.getSession(true);

3)If server is maintaining the session automatically then why we have
concepts like Cookie.addCokie() or encodeURL . It is better we can leave this to server
automatically which will generate and jsession id

4) Please some one tell the exact steps which a developer has to do so that he can maintain session even when cookies are turned off
 
Balu Sadhasivam
Ranch Hand
Posts: 874
Android Java VI Editor
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
1)For managing session does user has to explicitly do encodeUrl if cookies are turned off by browser?


Yes , expilicty call the response encodeURL method for all the page links if you want to handle cookies disabled browser clients too
2)In some of the tutorials i came to know user doesn't have to do anything the server will
gerneate jsessionId automatically and server will send that to browser , user doesn't need to do anything
he has to only call this HttpSession.getSession(true);


Its partially true , i guess you dint read the before or after para of this in the referred tutorials. The user has to do "encodeURL" and everything else like adding sessionID , checking for cookies header are taken by the container. Thats what they meant by above.

3)If server is maintaining the session automatically then why we have
concepts like Cookie.addCokie() or encodeURL . It is better we can leave this to server
automatically which will generate and jsession id


Cokies does not only contain sessionID , Cookie.addCookie can be used to store some useful informations in the Client , say the preferences of the Client and when next time the client reaches server , server would load the Client preferences without ever asking the CLient again.


Its safe to use encodeURL method for all links as you never which client has restricted browser settings. But if you opt for cookies instead encodeURL , then instruct/alert the user to turn on the cookies before user can say Login or register.
 
aleem khan
Ranch Hand
Posts: 94
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks

So in general
1)use cookie if you want to have user preference along with session management
2)use encodeURL if cookie is turned off (basically by checking if cookie is present)

Hence developers have to only keep these 2 things in mind
addcookie(if i want preference) and encodeURL , rest all is done by server


I was under impression that we have to get jsessionid from server and then append them
with cookie and then append them with URL (encodeURL).

Thanks for your clarification
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic