SRV.7.1 Session Tracking Mechanisms
The following sections describe approaches to tracking a user’s sessions
SRV.7.1.3 URL Rewriting
URL rewriting is the lowest common denominator of session tracking. When a
client will not accept a cookie, URL rewriting may be used by the server as the basis
for session tracking. URL rewriting involves adding data, a session ID, to the URL
path that is interpreted by the container to associate the request with a session.
The session ID must be encoded as a path parameter in the URL string. The
name of the parameter must be jsessionid. Here is an example of a URL
containing encoded path information:
http://www.myserver.com/catalog/index.html;jsessionid=1234
All servlet containers must support HTTP as a protocol for requests and
responses, but additional request/response-based protocols such as HTTPS
(HTTP over SSL) may be supported.
“Everything should be as simple as it is, but not simpler.” Albert Einstein
SCJP 5, SCWCD 5
Only The Strong Survive!
According to the spec - "URL rewriting may be used by the server as the basis
for session tracking." So its not a requirement. Hence Answer B should be false.
THis is also what I understood from the errata for this question.
Is a J2EE container required to support SSL
Hey Ankit you do not reply to my queries these days.
SRV.12.5.4 wrote:Servlet containers that are not J2EE technology compliant are not required to support the HTTPS protocol.
SRV.7.1.4 wrote:Web containers must be able to support the HTTP session while servicing HTTP requests from clients that do not support the use of cookies.
SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
SCJP 5.0
Simran Dass wrote:
1. Which statements about HTTP Session are true?
A. Java EE Containers must support HTTP Cookies
B. Java EE Containers must support URL rewriting
C.Java EE Containers must support SSL
D.Java EE Containers must support HTTP sessions, even for clients that do not
support cookies.
"A problem well stated is a problem half solved.” - Charles F. Kettering
SCJP 6, OCPJWCD
As per specs, a JEE container:
Must support HTTP Cookies
May support URL rewriting
May support SSL
Must support HTTP sessions, even for clients that do not support cookies.
Is that correct?
Also, how can the last one be a MUST, if the second one is a MAY?
If not cookies, then URL rewriting is the only way to ensure session tracking (at least in my limited knowledge)
So how can there be a container that does NOT support URL rewriting and yet, supports HTTP sessions for a non-cookie-supporting client?
It's hard to fight evil. The little things, like a nice sandwich, really helps. Right tiny ad?
New web page for Paul's Rocket Mass Heaters movies
https://coderanch.com/t/785239/web-page-Paul-Rocket-Mass
|