HFSJ Final mock Q

Consider the following:

public void doGet(HttpServletRequest req, HttpServletResponse res) throws
ServletException, IOException
{
String url = res.encodeRedirectURL("/redirectme"); //Line 14
boolean test = "/redirectme". equals(url); //Line 15
res.sendRedirect(url);
}

Given answers:
1) Line 14 demonstrates a session management mechanism called URL rewriting.
2) After line 15, test could be either true or false.

I can't understand how test could be false after line 15.

Hi

If u take response.encodeURL or response.encodeRedirectURl functions, they will append the session id to the URL only if Cookies are disabled. So before doing the actual rewriting, they will check whether Cookies are supported. So the boolean value in the given code can be true or false depending on whether Cookies are supported or not.

Originally posted by S.L.Narayanan:
Hi

If u take response.encodeURL or response.encodeRedirectURl functions, they will append the session id to the URL only if Cookies are disabled. So before doing the actual rewriting, they will check whether Cookies are supported. So the boolean value in the given code can be true or false depending on whether Cookies are supported or not.

if the request for this servlet from the client is firt time then the value will be false becuase first time url-rewrite is turned on but if the request to this servlet is not the first in that session then it will be true if coockies are on...

if i am wrong pls correct me

Amit,

I want to agree with you because that is what HFSJ book says. But I tried the code sample in my Tomcat and it didn't add the jsessionid on the URL. I'm confused now.

Who knows this?

Thanks,
Jenny

The first time, a client requests for this servlet, the Container will use both Cookie and URL rewriting ( as you have used encodeRedirectURL for rewriting and cookie is the default for session management). i.e the container will send a cookie containing session id in the response header and also, it will append session id at the end of the url.

Now if the client has enabled cookies, then the cookie containing session id will come back in the request header and the Container will not do any URL rewriting for other requests as the Container knows that client supports cookies.

But, if the client has disables the cookies, then the request header in the next request will not contain any cookie header and the container now knows that it has to use URL rewriting, so wherever encodeURL or encodeRedirectURL is used it will append sessionid to those urls.

also, in case of sendRedirect, a second request is made by the client browser for the url specified in the redirect. so, if browser supports cookies, then you will not see session id appended at the end.

I just tested the code. My result is "true" only.

I disabled Cookie, but it still print "true". The result I expected is it should always be "true" when Cookie enabled, and "false" when Cookie disabled.
Please update me.

Bruce,

How did you turn off the cookies exactly? I think it matters.

I did it like this:
open internet browser -> Tools -> internet options -> privacy -> Advanced ->override automatic cookie handling -> Block Block -> OK.

Hope that helps.

Hi,

I did what you said block block and still getting the JSESSIONID cookie. I used the following code snippet to check it.
<html> <body> <%! public String getKookieValue(javax.servlet.http.HttpServletRequest request) { Cookie[] cookieArray = request.getKookies(); if(cookieArray!=null) { for(int i = 0; i < cookieArray.length; i++) { Cookie currentCookie = cookieArray[i]; String cookieName = currentCookie.getName(); if(cookieName.equals("JSESSIONID")) { return currentCookie.getValue(); } } } return "nothing"; } %> <%= getKookieValue(request)%> </body> </html>

Is there anyway that we can really block the cookies?

I guess the block block is for some other kind of cookies, not the one being set in response???

Thanks,
Jenny

Sorry about wierd spelling of cookie in my code snippet because of javaranch.

I have a simpler way to get that session cookie:

${cookie.JSESSIONID.value}

I tried to block block the cookie in my browser but ${cookie.JSESSIONID.value} still returns a session ID.

I tried to block block the cookie in my browser but ${cookie.JSESSIONID.value} still returns a session ID.

But is it the same value if you refresh the page? If the JSP just created the session, as it always does when there's no session unless you disable sessions in the page directive or the DD, then there will always be some session ID.

Yuriy,

I guess you are right.

Here is more findings:

If I use dispatcher forward to my 'view.jsp' page from servlet, I don't get the session id;

If I use redirect to 'view.jsp' page from servlet, I get the session id.

Any explanations?

Thanks!
Jenny