session cookie/url writing doubt

 
vijayakumar vivekanandan
Greenhorn
Posts: 21
1) Browser cookie support enabled.
Request first sent & server sets the session ID as cookie in the HTTP response header.

2) Browser sends the cookie back while making the next request to the server. Now the server picks up sessionID cookie and thus the client joins the session.

3) Response sent with session ID as cookie and not URL encoding, since you found that cookie was enabled last time.

4) All of a sudden Browser cookie support disabled.
So what will happen now, since for the next request cookies are disabled and the URL is also not rewritten with the session ID in the HTML response we got from the server? Will that session be lost?

Do we have any protection against this scenario?
 
Carl Trusiak
Sheriff
Posts: 3341
The session will be "disconnected" from the client. The session object and any objects placed in there will hang around until session timeout.

Browsers don't magically change from Cookies supported to Cookies not supported. The user will have to change his settings.

The only way to prevent this is to always place the session id on the url and never rely on cookies. This has a drawback if the users bookmark the url....
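
The four steps from the question and the behaviour described in this answer, as an added simulation that is not part of the original posts. The `Server` and `Browser` classes, the `;sid=` URL format and the 1800-second timeout are constructed for illustration and model no particular server.

```python
import secrets

SESSION_TIMEOUT = 1800  # seconds (constructed value)

class Server:
    """Toy session tracker (assumed model): cookie first, URL rewriting as fallback."""
    def __init__(self, always_rewrite):
        self.always_rewrite = always_rewrite
        self.sessions = {}  # session id -> time of last request

    def expire(self, now):
        # Drop sessions that have been idle for longer than the timeout.
        self.sessions = {sid: last for sid, last in self.sessions.items()
                         if now - last <= SESSION_TIMEOUT}

    def handle(self, now, cookie, url_sid):
        self.expire(now)
        from_cookie = cookie in self.sessions
        sid = cookie if from_cookie else url_sid
        if sid not in self.sessions:          # unknown or missing id: new session
            sid = secrets.token_hex(16)
        self.sessions[sid] = now
        # The link carries the id unless the id just arrived in a cookie (step 3).
        rewrite = self.always_rewrite or not from_cookie
        return {"sid": sid,                   # also sent as the session cookie
                "link": f"/next;sid={sid}" if rewrite else "/next"}

class Browser:
    def __init__(self):
        self.cookies_enabled, self.cookie, self.link = True, None, "/next"

    def request(self, server, now):
        cookie = self.cookie if self.cookies_enabled else None
        url_sid = self.link.partition(";sid=")[2] or None
        resp = server.handle(now, cookie, url_sid)
        if self.cookies_enabled:
            self.cookie = resp["sid"]
        self.link = resp["link"]              # the user follows the link in the page
        return resp

def run_scenario(always_rewrite):
    server, browser = Server(always_rewrite), Browser()
    first = browser.request(server, now=0)["sid"]    # step 1: cookie set
    browser.request(server, now=10)                  # steps 2-3: cookie sent back
    browser.cookies_enabled = False                  # step 4: user disables cookies
    third = browser.request(server, now=20)["sid"]
    orphaned = first != third and first in server.sessions
    server.expire(now=10 + SESSION_TIMEOUT + 1)      # old session's timeout passes
    return {"same_session": first == third, "orphaned": orphaned,
            "old_still_stored": first in server.sessions}
```

`run_scenario(False)` follows the question's steps: the client gets a new session while the old one stays stored until its timeout. `run_scenario(True)` keeps the id on every URL, so the same session continues after cookies are turned off.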
 
vijayakumar vivekanandan
Greenhorn
Posts: 21
Thanks. It answered my question.
 