my dog learned polymorphism*
The moose likes Servlets and the fly likes Session management when cookies are disabled Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Session management when cookies are disabled" Watch "Session management when cookies are disabled" New topic
Author

Session management when cookies are disabled

Monalisa Das
Greenhorn

Joined: May 05, 2013
Posts: 11
Recently i have studied about session management and got to know that if cookies are not received at server end then only response.encodeURL() works and the jSessionId gets appended at the end of the encoded url.However i also observed that if during request response chain we enable cookies and make subsequent request then on the very next response cookies will be received at client end and will get saved.Also encoded url is received if any in the response page.On making next request the cookies as well as encoded url is sent.My question is on why we get encoded url as a response to this request although cookies were received at server end.
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12769
    
    5
why we get encoded url as a response to this request although cookies were received at server end.


URL encoding is NOT something that the server does automatically, it must be written into each servlet/jsp program.

Probably the author of the program you are looking at detected lack of cookie support early and assumed it would stay off for the duration of the user's session.

Bill
Monalisa Das
Greenhorn

Joined: May 05, 2013
Posts: 11
I am not confuse about that URL encoding is done automatically.. the jsp program i have writen has explicit mention of response.encodeURL()
Monalisa Das
Greenhorn

Joined: May 05, 2013
Posts: 11
William Brogden wrote:
why we get encoded url as a response to this request although cookies were received at server end.


URL encoding is NOT something that the server does automatically, it must be written into each servlet/jsp program.

Probably the author of the program you are looking at detected lack of cookie support early and assumed it would stay off for the duration of the user's session.

Bill


I am not confuse about that URL encoding is done automatically.. the jsp program i have writen has explicit mention of response.encodeURL()
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12769
    
    5
Monalisa Das wrote:I am not confuse about that URL encoding is done automatically.. the jsp program i have writen has explicit mention of response.encodeURL()


Good. But now I don't understand your original question. What were you expecting to happen when cookies are enabled?

Bill
Monalisa Das
Greenhorn

Joined: May 05, 2013
Posts: 11
William Brogden wrote:
Monalisa Das wrote:I am not confuse about that URL encoding is done automatically.. the jsp program i have writen has explicit mention of response.encodeURL()


Good. But now I don't understand your original question. What were you expecting to happen when cookies are enabled?

Bill


My problem goes like..i have disabled cookies in my browser then firstly i requested static page that is index.html..then clicking on a link which represents a fake url will run a servlet class which ultimately sends a jsp page as response.. since no cookies received at server end therefore the server will assume that cookies are disabled and will encode the url through response.encodeURL() written in this jsp page..on receiving this very response i enable cookies in my browser..then i click on the encoded link that was sent as response..this will run the desired servlet class mapped to that fake url..since cookies was not sent therefore the server will assume that cookies are disabled and will again encode url present in the jsp response page.. but this time since cookies were enabled cookies will be saved in browser.. next time clicking on any link i expect that encoded url containing jsessionid as well as cookies should be sent to server.. but surprisingly the corresponding servlet class prints null to the statement
" System.out.println(request.getHeader(cookie)) "
cookie should be sent since cookies were made enable.. and since cookies were not received the server again encode the url with the sessionid..
Why the cookies were not sent?? is it so that encoded url containing jsession id and cookies can not be sent to the server simultaneously?
It may be possible that i have some wrong assumptions..please clarify it if any..


Thanks in advance
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12769
    
    5
If this was my problem I would use a browser plugin/function such as Live HTTP Headers in Firefox to see what cookies are actually being sent from the server.

It may be that if your code doesn't do a getSession( true ), no session cookie is created.

Bill

Monalisa Das
Greenhorn

Joined: May 05, 2013
Posts: 11
William Brogden wrote:If this was my problem I would use a browser plugin/function such as Live HTTP Headers in Firefox to see what cookies are actually being sent from the server.

It may be that if your code doesn't do a getSession( true ), no session cookie is created.

Bill



In the servlet class I have used request.getSession() which is equivalent to request.getSession(true)
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12769
    
    5
I have teased the following out of your big text (learn the value of paragraph organization if you want a job in technical documentation.)

.on receiving this very response i enable cookies in my browser..then i click on the encoded link that was sent as response..this will run the desired servlet class mapped to that fake url..since cookies was not sent therefore the server will assume that cookies are disabled and will again encode url present in the jsp response page.. but this time since cookies were enabled cookies will be saved in browser.


So - attempting to take apart the sequence of events:
1. when you get the response, you enable cookies on the browser
At this point, NO cookies are stored on the browser because cookies were turned off when the HTML page was received.
2. therefore, no cookie will be in the next request, but the URL will contain the encoded session id.
At this point on the server, requesting a session should get a session id established and the JSP you forward to should recognize this.

Isn't there a convention in JSP to always look for a session? It has been a while...

Have you tried examining all the headers on the client browser like I suggested?

Bill

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Session management when cookies are disabled