This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Servlets and the fly likes Session Management Query in Servlets Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Session Management Query in Servlets" Watch "Session Management Query in Servlets" New topic

Session Management Query in Servlets

Vaibhav G Garg
Ranch Hand

Joined: Sep 23, 2011
Posts: 140

I was going through the HTTPSession usage to identify the user sessions. And, got to know that internally it uses COOKIES only to store the session and identify it. And, in most of my projects I have used the HTTPSession object only for session management. But, in case the cookies are disabled by the user, then how this works? Please suggest.

Abhay Agarwal
Ranch Hand

Joined: Feb 29, 2008
Posts: 1080

As far as I know, HttpSession, by default, uses cookie to pass the session ID in all the client's requests within a session. If cookie is disabled, HttpSession switches to URL-rewriting to append the session ID behind the URL. To ensure robust session tracking, all the URLs emitted from the server-side programs should pass thru the method response.encodeURL(url). If cookie is used for session tracking, encodeURL(url) returns the url unchanged. If URL-rewriting is used, encodeURL(url) encodes the specified url by including the session ID.
wood burning stoves
subject: Session Management Query in Servlets
Similar Threads
help with cookie
HFSJ Page 231, under 2nd Heading
ServletContext, PageContext HttpSesstion and HttpServletRequest
Session data passed through header line or body ?
New Session Created Randomly in Tomcat 5.0.28