Originally posted by Andres Gonzalez:
Hi guys...
1o.) what does:
request.getSession(false)
do?
I don't understand the false attribute.
2o.) when do you use
response.encodeURL??
when the browser does not support cookies??
3o.) if the browser does not support cookies, can I still use request.getSession??
thanks..
1. According to the
docs:
public HttpSession getSession(boolean create)
Returns the current HttpSession associated with this request or, if if there is no current session and create is true, returns a new session. If create is false and the request has no valid HttpSession, this method returns null.
2. You use encodeURL to maintain session tracking when the client browser does not accept cookies. It's a fallback mechanism in such a case. The web server recognizes the session because this method appends the jsessionid to the query
string for you. According to the specs:
SRV.7.1.3 URL Rewriting
URL rewriting is the lowest common denominator of session tracking. When a client will not accept a cookie, URL rewriting may be used by the server as the basis for session tracking. URL rewriting involves adding data, a session id, to the URL
path that is interpreted by the container to associate the request with a session. The session id must be encoded as a path parameter in the URL string. The name of the parameter must be jsessionid. Here is an example of a URL
containing encoded path information:
http://www.myserver.com/catalog/index.html;jsessionid=1234 3. Yes, if you've implemented encodeURL
There's an example of using encodeURL
here