Authenticated user session without cookies- How to implement?

Hi All,
In my application, I have made changes to context.xml of my Tomcat server to disable cookies, as I was having wrong session data comming up in my popup window. But after making the changes , I am assuming my user session gets destroyed. I understand I should use URL encoding or some technique to retain user logged in across the pages. But I dont know the right way of doing it. I am new to jsp servlet applications and I am using Spring MVC framework to develop my application. I am learning everything and building my application. Please give your inputs on what is the best way of mainting user session across the pages and also have it secured.

<Context path='/postsales' cookies='false'> <!-- Default set of monitored resources --> <WatchedResource>WEB-INF/web.xml</WatchedResource> <!-- Uncomment this to disable session persistence across Tomcat restarts --> <Manager pathname='/postsales' /> </Context>

Thank you,
Kavitha.

Have you tested it? From the config file, it has nothing to do with cookie.

yes I did, basically, I was maintaining user logged on status in the session attribute. when I make cookies false, session.getAttribute is returning null and I get an exception. if i enable it. it works fine. I need to have user name atleast to be shown on each page and also, a variable to say user is logged on on every page and during inactivity time out this is set to not logged on or something. I am quiet not sure how generally user session management is implemented in web applications.
thank you,
Kavitha.

If you disable cookies, you are disabling session management at all. In this case, the application is responsible for passing the session identifier through URL rewriting.

yes, I am passing the user name and a new parameter status which says if the user is still logged in. I pass these two parameters with the URL to every page after user has logged in. Along with that I have kept a session time out, wich wil redirect to login page.
Let me know your suggestions on it.
thank you,
Kavitha.

You can read about URL rewriting on this page: http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=/rzatz/51/program/sesdeci.htm.

Sure, I will have a read through.
Thanks a lot.
Kavitha.