• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

jsessionID.... can it be replaced?

 
Tanu Gulati
Ranch Hand
Posts: 113
Hibernate Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i have heard that servlet specification says cookie name must be jsessionid and not other than this.

but i have seen some website use some other thing other than jsessionid to identify the same thing for ex. www.irctc.co.in here i have seen some thing like
?BV_SessionID=@@@@0178584902.1242489912@@@@&BV_EngineID=cccdadehfhemfghcefecehidfhfdfko.0


looks like BV_SessionID is same as we have jsessionid.
My question is can we replece the "jsessionid" with and value
what could be the significance of BV_EngineID ..is it some thing related to multiple servers and distributed engines that serve the request .

 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Java Windows XP
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tanu Gulati wrote:i have heard that servlet specification says cookie name must be jsessionid and not other than this.


i never heard this. i think you are talking about sessionid name while url rewriting. am i right?
 
Deepak Bala
Bartender
Posts: 6663
5
Firefox Browser Linux MyEclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can name your own cookie or pass your own session ID to an application. The JSESSION ID however is unique to a J2EE web container and the way it tracks sessions.
 
Tanu Gulati
Ranch Hand
Posts: 113
Hibernate Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i never heard this. i think you are talking about sessionid name while url rewriting. am i right?

yes

The JSESSION ID however is unique to a J2EE web container and the way it tracks sessions.

if jsessionid is unique to j2ee web container then how come i am see the parameters i mentioned above on irctc.co.in i was expecting to see jsessionid but i never saw.

by the way my question is can we NOT use any other variable in place of jsessionid for tracking session?
 
Nishan Patel
Ranch Hand
Posts: 689
Eclipse IDE Java Scala
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Tanu,

I think you are not use another name instead of jsessionid.

Because it generates by the container by automatically when your browser not support cookies.

and it is append with url
? mark
and that character you change according to vendor specific but name always same jsessionid for request.

 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Java Windows XP
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tanu Gulati wrote:
by the way my question is can we NOT use any other variable in place of jsessionid for tracking session?


if you use tomcat , the sessionid name append in the url-rewriting must be jsessionid . not sure about other container
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18277
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The jsessionid is not a variable - it's an appendage. If you'll notice, there's a ";" between it and the rest of the URL, including the request variables, which are inrtoduced by the "?".

As far as I can remember without checking, it's stripped off before any of the HttpServletRequest methods can ever even see it.

There's no point in mucking around with it. All it - or any J2EE session IDs - really is is a handle by which the server can match the session with a given client. There's no formal spec about what that ID should be, how it should be formed, of even if the same ID should be passed on each request/response cycle. jsessionid hacks that work on one server may not work on another. Or even a different version or configuration of the same server.

 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13071
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Consider the possibility that the application you asked about is not using the standard API at all, but substituting its own "session" mechanims.

With Java serialization this is easy to do.

Bill
 
Tanu Gulati
Ranch Hand
Posts: 113
Hibernate Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
mm....looks like the url in question is using their own session mechanism ...thanks William
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic