This week's book giveaways are in the Refactoring and Agile forums.
We're giving away four copies each of Re-engineering Legacy Software and Docker in Action and have the authors on-line!
See this thread and this one for details.
Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Agile forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Is cookies are mandatory for session management?

 
Nagaraj Shivaklara
Ranch Hand
Posts: 78
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Can you please explain me why cookies needs to be enabled for the session? without cookies cant we have session?

Thanks
Nagaraj
 
Tim Moores
Bartender
Posts: 2675
33
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No, cookies are not needed for session handling. There is another mechanism called "URL rewriting" which can be used instead. Note that this requires all URLs sent to the client to be treated especially.
 
Rob Spoor
Sheriff
Pie
Posts: 20495
54
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tim is right. The server should check if cookies are enabled, and if not it should add the session ID to the URLs. You can do this with HttpServletResponse's encodeRedirectURL and encodeURL methods.
 
Saifuddin Merchant
Ranch Hand
Posts: 607
Firefox Browser Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Rob Spoor wrote:You can do this with HttpServletResponse's encodeRedirectURL and encodeURL methods.


or use a framework that does the hard work for you. Most (or is it all ?) web frameworks do this for you behind the scene.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic