• Post Reply Bookmark Topic Watch Topic
  • New Topic

Is cookies are mandatory for session management?  RSS feed

 
Nagaraj Shivaklara
Ranch Hand
Posts: 78
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Can you please explain me why cookies needs to be enabled for the session? without cookies cant we have session?

Thanks
Nagaraj
 
Tim Moores
Saloon Keeper
Posts: 3832
80
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No, cookies are not needed for session handling. There is another mechanism called "URL rewriting" which can be used instead. Note that this requires all URLs sent to the client to be treated especially.
 
Rob Spoor
Sheriff
Posts: 21048
85
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tim is right. The server should check if cookies are enabled, and if not it should add the session ID to the URLs. You can do this with HttpServletResponse's encodeRedirectURL and encodeURL methods.
 
Saifuddin Merchant
Ranch Hand
Posts: 607
Firefox Browser Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Rob Spoor wrote:You can do this with HttpServletResponse's encodeRedirectURL and encodeURL methods.


or use a framework that does the hard work for you. Most (or is it all ?) web frameworks do this for you behind the scene.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!