
Cookies and HTTPSession

 
Andy Hahn
Ranch Hand
Posts: 225
I have a question regarding HTTPSession and cookies. I understand that the HTTPSession creates a cookie that contains the jsessionid and places it onto the client's machine (as a non-persistent cookie) behind the scenes. So, what if the client has cookies disabled in the browser? Does that mean that the user cannot use a session?

If this were the case, what would the following code return?

HttpSession session = request.getSession();

Thanks!
 
Steve McCann
Ranch Hand
Posts: 81
Hi Andy

The HttpSession does not create cookies. You can usually configure the server to use cookies to keep track of sessions but if you want to use them you need to create one using code and place it in the Response (or HttpServletResponse). Nothing to do with the Session.

Steve
[ November 01, 2005: Message edited by: Steve McCann ]
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65519
> but if you want to use them you need to create one using code


Completely incorrect. In order for the container to keep track of sessions using cookies you need do absolutely nothing in the code.

In the case where cookies are disabled in a browser, sessions can be tracked using URL-rewriting which places the session key on the URLs for tracking.
 
Steve McCann
Ranch Hand
Posts: 81
> Completely incorrect. In order for the container to keep track of sessions using cookies you need do absolutely nothing in the code.

Sorry - I don't think I explained what I meant very clearly. I was thinking in terms of a specific use for your app not to track sessions.

Steve
 
Steve McCann
Ranch Hand
Posts: 81
...and my comment about using them in your app is completely irrelevant to the original question.

Apologies for the waffle.

:roll:
Steve
[ November 02, 2005: Message edited by: Steve McCann ]
 
Bosun Bello
Ranch Hand
Posts: 1511
As mentioned by Ben, the HttpSession actually uses cookies to implement session tracking. And, you are correct, it creates a cookie that contains the jsessionid and places it onto the client's machine. If the client disables cookies, it will try to USE URL rewriting. I said try because your servlet has to actually code for URL rewriting by encoding any URLs generated within the servlet, which will append the session key to the end of the URL. The point is URL rewriting is not automatic. I hope this makes a little bit of sense.
 
Andy Hahn
Ranch Hand
Posts: 225
Thanks everyone. It makes total sense.
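
The behaviour discussed in this thread (getSession() with cookies disabled, and URL rewriting that only works for URLs the servlet encodes), shown as an added example that is not code from any of the posters. It assumes the javax.servlet API (jakarta.servlet on newer containers); the class name CartServlet, the /cart mapping and the "visits" attribute are hypothetical.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet, assumed to be mapped to /cart in web.xml.
public class CartServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Returns the existing session or creates a new one; it is never null,
        // even when the browser refuses cookies.
        HttpSession session = request.getSession();

        // Per-session state. It only survives across requests if the client
        // sends the session id back, either in the cookie or in the URL.
        Integer visits = (Integer) session.getAttribute("visits");
        visits = (visits == null) ? 1 : visits + 1;
        session.setAttribute("visits", visits);

        // encodeURL() appends ";jsessionid=<id>" when the container cannot
        // rely on the session cookie; otherwise it returns the URL unchanged.
        // A URL written without encodeURL() never carries the session id.
        String next = response.encodeURL(request.getContextPath() + "/cart");

        // Plain text output, so the values are not interpreted as markup.
        response.setContentType("text/plain");
        PrintWriter out = response.getWriter();
        out.println("session is new: " + session.isNew());
        out.println("visits:         " + visits);
        out.println("id from cookie: " + request.isRequestedSessionIdFromCookie());
        out.println("id from URL:    " + request.isRequestedSessionIdFromURL());
        out.println("next link:      " + next);
        // Redirect targets are encoded the same way with
        // response.encodeRedirectURL(...).
    }
}
```

With cookies disabled, reloading the plain /cart URL reports a new session and `visits: 1` every time, while following the encoded link keeps the count going. In that case the session id is part of the URL, so it also appears wherever URLs are recorded, such as access logs and browser history.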
 