• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Cookies and session !

 
Ranch Hand
Posts: 81
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
dear friends,
Is session depends on cookies ? i mean if client has disabled cookies from his/her browser, Is session works perfectly ok ? ( here session mean to an object of HttpSession )
When i write
HttpSession s1=request.getSession();
Is this code snippet requires a cookie to be enabled at client browser ?
please clarify session along with cookies and session without cookies !
Thanks in advanced, Dharmin
 
author
Posts: 3252
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Common ways to keep track of sessions are cookies, URL rewriting, and secure HTTP. URL rewriting requires explicit support on the developer's part. Secure HTTP obviously is applicable to pages accessed via https only.
- Peter
 
Dharmin Desai
Ranch Hand
Posts: 81
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Dear Peter,
If i m using HttpSession object to maintain session for my client at srvr side, My client need to make cookies enabled in his/her browser ?
Please elaborate peter !
Sincerely Dharmin
 
Ranch Hand
Posts: 84
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi Dharmin
for tracking a http session for a client we need to enable a cookie otherwise session tracking is not possible........
in general cookie value comes in a header for browser indicating about a client session and i.e JSESSIOID.
other technique are urlrewriting and https .
correct me if i am wrong
Rishi
 
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
If cookies are disabled on the client browser, you can still acheive session traking with url rewriting.
The basic consept here I think is that the server needs to identify a client(browser) uniquely. In other words, when in your servlet code you call
HttpSession session = req.getSession(true);
The true parameter forces the creation of a new session.
When you call this, you create a new session object and a corresponding session ID. In order to access this same HttpSession object in subsequent requests, you need to somehow send this session ID back to the browser and the browser needs to send it back to you when he send another request. There are 2 ways I know that can acheive this cookies and url rewriting.
Using cookies, the container will automaticlly do everything for you. I think he'll put the session ID in a HTTP response header. The browser will store this session in a cookie (file ?) and automaticlly send it back to you in other requests. The session ID will be sent back to you kind of like a HTTP request parameter.
In url rewriting you need to add the session id to any <href> html tags that you generate. When the user will click on the link the session ID will be sent back to you again like a HTTP request parameter.
Don't take everything I say word for word, I haven't passed the test yet
Dominic
 
Peter den Haan
author
Posts: 3252
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Dharmin:
If i m using HttpSession object to maintain session for my client at srvr side, My client need to make cookies enabled in his/her browser ?

Not necessarily. As an alternative to cookies, you can support URL rewriting (i.e. mangle every URL you generate using HttpServletResponse.encodeURL() so that the application server can append the session ID). Or use secure HTTP (https, port 443); a secure connection is stateful and can be used to track the session without the aid of cookies or URL rewriting.
If you're using URL rewriting, look into the JSTL core tags. There is a url tag that will help you. Struts has similar support in its tag libraries. Neither is part of the exam, by the way.
- Peter
[ January 07, 2003: Message edited by: Peter den Haan ]
 
Dharmin Desai
Ranch Hand
Posts: 81
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks a lot to Rishi, Peter and Dominic.
best regards, Dharmin
[ January 08, 2003: Message edited by: Dharmin ]
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic