Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Is cookies are mandatory for session management?

 
Nagaraj Shivaklara
Ranch Hand
Posts: 78
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Can you please explain me why cookies needs to be enabled for the session? without cookies cant we have session?

Thanks
Nagaraj
 
Tim Moores
Bartender
Posts: 2790
38
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No, cookies are not needed for session handling. There is another mechanism called "URL rewriting" which can be used instead. Note that this requires all URLs sent to the client to be treated especially.
 
Rob Spoor
Sheriff
Pie
Posts: 20527
54
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tim is right. The server should check if cookies are enabled, and if not it should add the session ID to the URLs. You can do this with HttpServletResponse's encodeRedirectURL and encodeURL methods.
 
Saifuddin Merchant
Ranch Hand
Posts: 607
Firefox Browser Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Rob Spoor wrote:You can do this with HttpServletResponse's encodeRedirectURL and encodeURL methods.


or use a framework that does the hard work for you. Most (or is it all ?) web frameworks do this for you behind the scene.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic