Well I could be way off base here.... but doesn't using Sessions require the user to have cookies turned on?
The session ID is sent back to the browser on the first request, and is sent as part of every subsequent request. How to store this id, except as a cookie?
The alternative is the "url rewriting" but this (I don't think?) is not implemented by 'default', and the jsp/servlet coder must think to do this.
Am I wrong?
Ok, I've just tried it out.. Using Tomcat3.2.2 and IE5.0 on Windows200SP2 I had my explorer prompt me on every attempt to set a cookie. Using the Shopping cart example under webapps/examples/jsp/sessions/carts.jsp
The shopping cart does not work if I reject the cookie. It always shows just one item (the last one selected) in my basket. The first time I accept the cookie, it starts working. Which means the session is busted without cookies, unless I perform URL rewriting.
So as my friend at work is wont to say: "No cookie, no play"
[This message has been edited by Mike Curwen (edited July 03, 2001).]