• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

jsessionID.... can it be replaced?

 
Ranch Hand
Posts: 113
Hibernate Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i have heard that servlet specification says cookie name must be jsessionid and not other than this.

but i have seen some website use some other thing other than jsessionid to identify the same thing for ex. www.irctc.co.in here i have seen some thing like

?BV_SessionID=@@@@0178584902.1242489912@@@@&BV_EngineID=cccdadehfhemfghcefecehidfhfdfko.0



looks like BV_SessionID is same as we have jsessionid.
My question is can we replece the "jsessionid" with and value
what could be the significance of BV_EngineID ..is it some thing related to multiple servers and distributed engines that serve the request .

 
Ranch Hand
Posts: 5575
Eclipse IDE Windows XP Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Tanu Gulati wrote:i have heard that servlet specification says cookie name must be jsessionid and not other than this.



i never heard this. i think you are talking about sessionid name while url rewriting. am i right?
 
Bartender
Posts: 6663
5
MyEclipse IDE Firefox Browser Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can name your own cookie or pass your own session ID to an application. The JSESSION ID however is unique to a J2EE web container and the way it tracks sessions.
 
Tanu Gulati
Ranch Hand
Posts: 113
Hibernate Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

i never heard this. i think you are talking about sessionid name while url rewriting. am i right?


yes

The JSESSION ID however is unique to a J2EE web container and the way it tracks sessions.


if jsessionid is unique to j2ee web container then how come i am see the parameters i mentioned above on irctc.co.in i was expecting to see jsessionid but i never saw.

by the way my question is can we NOT use any other variable in place of jsessionid for tracking session?
 
Ranch Hand
Posts: 689
Scala Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Tanu,

I think you are not use another name instead of jsessionid.

Because it generates by the container by automatically when your browser not support cookies.

and it is append with url

? mark

and that character you change according to vendor specific but name always same jsessionid for request.

 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Windows XP Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Tanu Gulati wrote:
by the way my question is can we NOT use any other variable in place of jsessionid for tracking session?



if you use tomcat , the sessionid name append in the url-rewriting must be jsessionid . not sure about other container
 
Saloon Keeper
Posts: 27763
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The jsessionid is not a variable - it's an appendage. If you'll notice, there's a ";" between it and the rest of the URL, including the request variables, which are inrtoduced by the "?".

As far as I can remember without checking, it's stripped off before any of the HttpServletRequest methods can ever even see it.

There's no point in mucking around with it. All it - or any J2EE session IDs - really is is a handle by which the server can match the session with a given client. There's no formal spec about what that ID should be, how it should be formed, of even if the same ID should be passed on each request/response cycle. jsessionid hacks that work on one server may not work on another. Or even a different version or configuration of the same server.

 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Consider the possibility that the application you asked about is not using the standard API at all, but substituting its own "session" mechanims.

With Java serialization this is easy to do.

Bill
 
Tanu Gulati
Ranch Hand
Posts: 113
Hibernate Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
mm....looks like the url in question is using their own session mechanism ...thanks William
 
I think I'll just lie down here for a second. And ponder this tiny ad:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic