Hi All, We are using HttpSession API for session management. (i.e) request.getSession( ) etc., etc., Now, the question is 1. How is the session managed? Is it through the cookies? 2. In WebSphere under Services->Session Manager Service we have the options of choosing Cookies or URL-rewriting for session Management. Say, If I choose both, then if the client disables the cookies in the browser will it still work? Please clarify these queries ASAP. Thanks & Regards, Nijeesh.
Cookies or URL-rewriting for session Management is transparent to developer and user in J2EE. If browser is disable cookie,then URL-rewriting will be used,but one time only one is be used,not both. Any wrong with my opinion?
Session management will still work if the client refuses cookies.. but only if you make sure all of your URLS (in both JSP and servlets) are run through the encodeURL() method of the HttpServletResponse object.
From the API:
For robust session tracking, all URLs emitted by a servlet should be run through this method. Otherwise, URL rewriting cannot be used with browsers which do not support cookies.
