
Session

 
Kodo Tan
Ranch Hand
Posts: 105
Hi all,
I have read the servlet specifications and there are a few points I'm quite confused about regarding sessions.
From what I have read, it seems that to support session management, you can use either (1) cookies or (2) URL rewriting, e.g. http://...;jsessionid=1234.
Normally when we need to get/create a session, we need to use something like HttpServletRequest.getSession(); within the servlet. Does this method still work if the site is HTTP (not HTTPS) without the above rewriting?
I thought it should not work, as HTTP is a stateless protocol? I have created a small servlet using getSession() and it worked. Is this due to cookies, or does the browser handle the jsessionid automatically?
Thanks in advance.
 
James Hobson
Ranch Hand
Posts: 140
HTTP is stateless, that is why you "add" statefulness with cookies or URL re-writing.
HTTPS is stateful so you don't need (in theory) cookies or URL re-writing -- the protocol itself does all that.
In practice you don't normally need to worry about it, as the app-server should handle it all for you transparently.
 
Mike Curwen
Ranch Hand
Posts: 3695
Sessions are managed through cookies.

If your browser doesn't support cookies, then URL re-writing is what needs to be done. The session id is then written into all URLs emitted by your servlet or JSPs.

So the bottom line is, sessions in JSP/Servlet land are *actually* identified by a jsessionid cookie. If a particular client doesn't allow cookies, then this id needs to be written into the URL.
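
To see which mechanism carried the session id on a given request, the servlet below reports it using the standard Servlet API. It is an added example, not code from any poster in this thread. The class name `SessionCheckServlet` and the `/session-check` mapping are hypothetical, and it assumes a Servlet 3.0+ container with the `javax.servlet` API on the classpath.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet: class name and URL mapping are made up for this example.
@WebServlet("/session-check")
public class SessionCheckServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Creates a session on the first request, returns the existing one afterwards.
        HttpSession session = req.getSession();

        resp.setContentType("text/plain");
        resp.setCharacterEncoding("UTF-8");
        // The body may contain a session id, so keep it out of caches.
        resp.setHeader("Cache-Control", "no-store");
        PrintWriter out = resp.getWriter();

        // true when the container issued the id in this response and the
        // client has not yet sent it back.
        out.println("new session:              " + session.isNew());

        // How the id the client presented reached the server on this request.
        out.println("id arrived in cookie:     " + req.isRequestedSessionIdFromCookie());
        out.println("id arrived in URL:        " + req.isRequestedSessionIdFromURL());
        out.println("requested id still valid: " + req.isRequestedSessionIdValid());

        // encodeURL() appends ;jsessionid=... only when the container decides
        // URL rewriting is needed; otherwise it returns the URL unchanged.
        out.println("encoded link:             " + resp.encodeURL(req.getRequestURI()));
    }
}
```

With cookies enabled, the second request typically shows the id arriving in the cookie and a plain encoded link; with cookies blocked, the id only survives if the client follows the encoded link. A session id carried in the URL ends up in browser history, server logs and Referer headers, so applications that do not need rewriting can restrict tracking to cookies with `<tracking-mode>COOKIE</tracking-mode>` under `<session-config>` in `web.xml`.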
 