cookies,encodeUrl,jsessionid confusion
aleem khan
Ranch Hand
Posts: 94
posted 8 years ago
Hi all,
I am really confused with all three concepts , looked into various tutorials etc but each one is contradicting
Hence i am compiling questions
1)For managing session does user has to explicitly do encodeUrl if cookies are turned off by browser?
2)In some of the tutorials i came to know user doesn't have to do anything the server will
gerneate jsessionId automatically and server will send that to browser , user doesn't need to do anything
he has to only call this HttpSession.getSession(true);
3)If server is maintaining the session automatically then why we have
concepts like Cookie.addCokie() or encodeURL . It is better we can leave this to server
automatically which will generate and jsession id
4) Please some one tell the exact steps which a developer has to do so that he can maintain session even when cookies are turned off
I am really confused with all three concepts , looked into various tutorials etc but each one is contradicting
Hence i am compiling questions
1)For managing session does user has to explicitly do encodeUrl if cookies are turned off by browser?
2)In some of the tutorials i came to know user doesn't have to do anything the server will
gerneate jsessionId automatically and server will send that to browser , user doesn't need to do anything
he has to only call this HttpSession.getSession(true);
3)If server is maintaining the session automatically then why we have
concepts like Cookie.addCokie() or encodeURL . It is better we can leave this to server
automatically which will generate and jsession id
4) Please some one tell the exact steps which a developer has to do so that he can maintain session even when cookies are turned off
posted 8 years ago
Yes , expilicty call the response encodeURL method for all the page links if you want to handle cookies disabled browser clients too
Its partially true , i guess you dint read the before or after para of this in the referred tutorials. The user has to do "encodeURL" and everything else like adding sessionID , checking for cookies header are taken by the container. Thats what they meant by above.
Cokies does not only contain sessionID , Cookie.addCookie can be used to store some useful informations in the Client , say the preferences of the Client and when next time the client reaches server , server would load the Client preferences without ever asking the CLient again.
Its safe to use encodeURL method for all links as you never which client has restricted browser settings. But if you opt for cookies instead encodeURL , then instruct/alert the user to turn on the cookies before user can say Login or register.
1)For managing session does user has to explicitly do encodeUrl if cookies are turned off by browser?
Yes , expilicty call the response encodeURL method for all the page links if you want to handle cookies disabled browser clients too
2)In some of the tutorials i came to know user doesn't have to do anything the server will
gerneate jsessionId automatically and server will send that to browser , user doesn't need to do anything
he has to only call this HttpSession.getSession(true);
Its partially true , i guess you dint read the before or after para of this in the referred tutorials. The user has to do "encodeURL" and everything else like adding sessionID , checking for cookies header are taken by the container. Thats what they meant by above.
3)If server is maintaining the session automatically then why we have
concepts like Cookie.addCokie() or encodeURL . It is better we can leave this to server
automatically which will generate and jsession id
Cokies does not only contain sessionID , Cookie.addCookie can be used to store some useful informations in the Client , say the preferences of the Client and when next time the client reaches server , server would load the Client preferences without ever asking the CLient again.
Its safe to use encodeURL method for all links as you never which client has restricted browser settings. But if you opt for cookies instead encodeURL , then instruct/alert the user to turn on the cookies before user can say Login or register.
aleem khan
Ranch Hand
Posts: 94
posted 8 years ago
Thanks
So in general
1)use cookie if you want to have user preference along with session management
2)use encodeURL if cookie is turned off (basically by checking if cookie is present)
Hence developers have to only keep these 2 things in mind
addcookie(if i want preference) and encodeURL , rest all is done by server
I was under impression that we have to get jsessionid from server and then append them
with cookie and then append them with URL (encodeURL).
Thanks for your clarification
So in general
1)use cookie if you want to have user preference along with session management
2)use encodeURL if cookie is turned off (basically by checking if cookie is present)
Hence developers have to only keep these 2 things in mind
addcookie(if i want preference) and encodeURL , rest all is done by server
I was under impression that we have to get jsessionid from server and then append them
with cookie and then append them with URL (encodeURL).
Thanks for your clarification
SCJP(1.4), SCWCD, Oracle 9i SQL certified, Oracle PLSQL Developer Certified Associate
| Don't get me started about those stupid light bulbs. |