Win a copy of Zero to AI - A non-technical, hype-free guide to prospering in the AI era this week in the Artificial Intelligence and Machine Learning forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Paul Clapham
  • Bear Bibeault
  • Jeanne Boyarsky
Sheriffs:
  • Ron McLeod
  • Tim Cooke
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Jj Roberts
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • salvin francis
  • Scott Selikoff
  • fred rosenberger

session cookie/url writing doubt

 
Greenhorn
Posts: 21
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
1) Browser cookie support enabled.
Request first sent & server sets the session ID as cookie in the HTTP response header.

2) Browser sends the cookie back while making the next request to the server. Now the server picks up sessionID cookie and thus the client joins the session.

3)
Response sent with session ID as cookie and not URLencoding since you found that cookie was enabled last time.

4) All of a sudden Browser cookie support disabled.
So what will happen now since for next subsequent request cookie disabled and also url is not rewritten with sessionID in the html response we got from the server. So will that session be lost?

Do we have any protection against this scenarion?
 
Sheriff
Posts: 3341
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The session will be "disconnected" from the client. The session object and any objects placed in there will hang around until session timeout.

Browser don't magically change from Cookies supported to Cookies not supported. The user will have to change his settings.

TYhe only way to prevent this is to always place the session id on the url and never rely on cookies. This has a draw back if the users bookmark the url....
 
vijayakumar vivekanandan
Greenhorn
Posts: 21
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks. It answered my question.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic