Anu satya wrote:... if it is an alternative, then why to use two mechanism to maintain the session? we can only use url rewriting right?
Anu satya wrote:ok. can you please give example? i am pretty sure.....how to do that keeping both cookie and URL rewriting......
then, how to differentiate the data in JSP, which is coming from URL rewriting and cookies?
When writing your JSP's, instead of putting the url plain into the code, you use the c:out JSTL tag that does the rewriting for you automatically.
This is what happens.
- A new client opens your website
- All URL are encoded because no session exists yet so there is no cookie the client can serve to the server
- The cookie containing the session id is sent back to the client together with the page response (At this time both url rewriting and cookies are in force)
- It is up to the client to either store or ignore the cookie
- Upon the next request, the session id will be transferred in the URL query string in any case, and - if the user accepts cookies - also the cookie will be transferred
- the container evaluates whether or not a cookie has been sent and skips url rewriting from here on
got the idea ?
there are two functions called isRequestedSessionIdFromCookie and isRequestedSessionIdFromURL on the request object.
JDBCSupport - An easy to use, light-weight JDBC framework -