Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

About HTTP Session

 
kanchi panneer
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Anybody how the session id will be transfered in HTTPSession of servlet, if url rewritten and cookies are allowed?

If URL rewritten and cookies both are not allowed means, how this transfer of ID from server to client will happen?
 
Bhavin Sanghani
Ranch Hand
Posts: 67
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Another way to manage session is using hidden variable. Check servlet tutorial for that.

-bhavin
 
Manuel Moons
Ranch Hand
Posts: 229
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
URL rewriting should occur on the server. This means that you can not "disallow" this.

Normally the prefered way is to send the sessionid via a cookie (using the http headers). If this is not possible the server will try to maintain the sessionid via url rewriting. This means that the programmer will have to rewrite all urls that go to the client(browser) via URLEncoder.encodeURL().

It is possible to pass the session id via a hidden field.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic