Hi,
If cookies are disabled on the client browser, you can still acheive session traking with url rewriting.
The basic consept here I think is that the server needs to identify a client(browser) uniquely. In other words, when in your
servlet code you call
HttpSession session = req.getSession(true);
The true parameter forces the creation of a new session.
When you call this, you create a new session object and a corresponding session ID. In order to access this same HttpSession object in subsequent requests, you need to somehow send this session ID back to the browser and the browser needs to send it back to you when he send another request. There are 2 ways I know that can acheive this cookies and url rewriting.
Using cookies, the container will automaticlly do everything for you. I think he'll put the session ID in a HTTP response header. The browser will store this session in a cookie (file ?) and automaticlly send it back to you in other requests. The session ID will be sent back to you kind of like a HTTP request parameter.
In url rewriting you need to add the session id to any <href> html tags that you generate. When the user will click on the link the session ID will be sent back to you again like a HTTP request parameter.
Don't take everything I say
word for word, I haven't passed the
test yet
Dominic