• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Liutauras Vilda
  • Ron McLeod
Sheriffs:
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Saloon Keepers:
  • Scott Selikoff
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
  • Frits Walraven
Bartenders:
  • Stephan van Hulst
  • Carey Brown

cookies in JSP

 
Ranch Hand
Posts: 146
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i had been to one interview,

wanted to know, if a program uses cookies to store the session and the user doesn't want to enable cookies in the browser, how session is maintained in JSP

Can any one please help me?

Regards,
Anu
 
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
URLRewriting as a fallback mechanism.
 
Anu satya
Ranch Hand
Posts: 146
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

ok. but what is fallback mechanism?

if it is an alternative, then why to use two mechanism to maintain the session? we can only use url rewriting right?
 
Sebastian Janisch
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
this is what fallback menas. it is only in force if the session tracking via cookies does not work because the user disabled cookies.
 
Anu satya
Ranch Hand
Posts: 146
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
ok. can you please give example? i am pretty sure.....how to do that keeping both cookie and URL rewriting......

then, how to differentiate the data in JSP, which is coming from URL rewriting and cookies?
 
Bartender
Posts: 4116
72
Mac TypeScript Chrome Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Anu satya wrote:... if it is an alternative, then why to use two mechanism to maintain the session? we can only use url rewriting right?


You can use cookies not only to manage session ID but to transfer other small pieces of data back and forth so we need cookies . And for the seesion tracking URL rewriting works (only if you have asked the container to do so, of course) only if the cookies fails.
 
Sebastian Janisch
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Anu satya wrote:ok. can you please give example? i am pretty sure.....how to do that keeping both cookie and URL rewriting......

then, how to differentiate the data in JSP, which is coming from URL rewriting and cookies?



When writing your JSP's, instead of putting the url plain into the code, you use the c:out JSTL tag that does the rewriting for you automatically.

This is what happens.

- A new client opens your website
- All URL are encoded because no session exists yet so there is no cookie the client can serve to the server
- The cookie containing the session id is sent back to the client together with the page response (At this time both url rewriting and cookies are in force)
- It is up to the client to either store or ignore the cookie
- Upon the next request, the session id will be transferred in the URL query string in any case, and - if the user accepts cookies - also the cookie will be transferred
- the container evaluates whether or not a cookie has been sent and skips url rewriting from here on

got the idea ?

there are two functions called isRequestedSessionIdFromCookie and isRequestedSessionIdFromURL on the request object.
 
These are the worst of times and these are the best of times. And this is the best tiny ad:
We need your help - Coderanch server fundraiser
https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic