[Logo]
Forums Register Login
Container tracking sessions
I ran across a question in a practice test: "How can you make sure that the container tracks sessions for you web application using SSL?"

With the correct answer as:
Add the following to the web.xml:
session-config>
<tracking-mode>SSL</tracking-mode>
</session-config>

However, another of the responses could have been:
Add the following to the web.xml:
<session-config>
<cookie-config><secure>true</secure></cookie-config>
<tracking-mode>cookie</tracking-mode>
</session-config>

I'm not sure why the second one is wrong. Any ideas?
There are many companies interested in our track consumer behavior. Recently it was revealed that Apple and Android track the GPS locations of users in some versions of the operating system. There are vehicles which are installed in gps car tracking to always be possible to know what their position, not only in the case of auto theft. There are special applications for container tracking and container tracking , useful for monitoring the location of all devices
Hi Doron Vett,

Interesting question and to be honest: I didn't know that the <tracking-mode> element existed. I had a quick look what the Servlet 3.0 specs say about it and I couldn't find anything apart from the element in the xsd itself.

This is what the specs say about SSL and session tracking:
7.1.2 SSL Sessions
Secure Sockets Layer, the encryption technology used in the HTTPS protocol, has a built-in mechanism allowing multiple requests from a client to be unambiguously identified as being part of a session. A servlet container can easily use this data to define a session.


So I guess the tracking mode element is not always needed...

Regards,
Frits
Wink, wink, nudge, nudge, say no more ... https://richsoil.com/cards



All times above are in ranch (not your local) time.
The current ranch time is
Dec 14, 2017 06:29:05.