This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Servlets and the fly likes Servlet, jsp getSession confused. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Servlet, jsp getSession confused. " Watch "Servlet, jsp getSession confused. " New topic
Author

Servlet, jsp getSession confused.

jamil lusa
Ranch Hand

Joined: Aug 18, 2011
Posts: 59
Hi all,

J2ee has a very good feature which is we can get the session easily under the care of the J2ee, for example, request.getSession() will do the thing for me. but could we use the same mechanism but provide our own session id? because i don't know how J2ee encrypt the session so probably i will want to provide my own session id but i don't want to create a new mechanism to retrieve it because it has been done nicely in J2ee (has mentioned above).

So any suggestion for this?


thanks in advanced.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60816
    
  65

I'm not understanding why you would want to do this. I'd recommend just using the session as is.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
jamil lusa
Ranch Hand

Joined: Aug 18, 2011
Posts: 59
Bear Bibeault wrote:I'm not understanding why you would want to do this. I'd recommend just using the session as is.


It could be due to customer's requirement, since they have their own encryption and maybe they do not want to show the key text as "jsessionId" (i cannot remember the term, something like jxxxxxx) in the client's cookie file. and blah blah blah....
 
 
subject: Servlet, jsp getSession confused.
 
Similar Threads
Multiple Cookies with the name 'JSESSIONID' getting created
Best practice for secure login authorisation
web application with multithreaded sockets
use of hidden fields
multiple sessions and single sign on