Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

session and cookies

 
cyril vidal
Ranch Hand
Posts: 247
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dear all,
I'de liked to test encodeURL(String url) method concerning session handling.
Unfortunately, i can't prevent cookies' presence so I never see the session ID attached to the URL.
I use IE6 under windows 2000 and of course, I've done the configuration on IE6 to "block all cookies" in the confidentiality zone of IE6. But it doesn't seem to have any effect and a cookie is still sent with the request (I see it using getHeaderNames() of HttpServletRequest in my code, that includes a line dedicated to cookie)
Does it to deal wiht difference between internet and intranet, because I test it on local with Tomcat, and perhaps the configuration affects only Internet zone?
So what can I do to definitely prevent save of cookies on my local machine and so see the sessionID appended to URL?

Thanks in advance for your response,
Regards,
Cyril.
[ November 05, 2003: Message edited by: cyril vidal ]
 
Sathya Sankar
Ranch Hand
Posts: 67
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Cyril,
Try this. Go to Tools->Internet Options->Privacy tab -> Advanced -> Check override automatic cookie handling -> Choose on block for both first-party and third-party cookies. Click ok , ok. Close browser window. Restart browser.
You should be able to see the jsessionid with response.encodeURL.
Ciao,
GSS
 
cyril vidal
Ranch Hand
Posts: 247
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Sathya,
Thank you very much for your response. I've done what you said to me, and indeed, I have a very strange result, more exactly:
the second time I access the page, the session-id is added to my URL:
http://localhost:8080/session/reecritureURL;jsessionid=44A2E9689EA7CC752366EB1FA2B78066
but in the same time, these are the results of out.println of the request's header names:

new session:
false
Liste des en-t�tes HTTP de la requ�te:
accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*
referer: http://localhost:8080/session/reecritureURL
accept-language: fr
accept-encoding: gzip, deflate
user-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
host: localhost:8080
connection: Keep-Alive
cookie: JSESSIONID=44A2E9689EA7CC752366EB1FA2B78066
I don't understand how I can have in the same time the session-id added to my url and a cookie header name joined to my request: isn't in theory impossible?
Furthermore, during the following requests, no more sesssion-id is added to the URL, and all the request contain cookie header-name!?
I'm little lost...
Any explication would be very helpful,
Regards,
Cyril.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic