• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Problem about understanding cookies mechanism

 
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I hope I'm posting in the right forum.

I'm learning Servlets and JSP with HFSJ. Somewhere in this book, I read this:

on the client’s first request, the Container generates a unique session ID and gives it back to the client with the response. The client sends back the session ID with each subsequent request.

I have the following question to ask on it:

Even if cookies are enabled on the client, what ensures that the client will effectively send back the session ID with each subsequent request? Can't it be possible that, even if cookies are enabled on the client, the client doesn't send back the session ID with subsequent requests?
 
Ranch Hand
Posts: 147
Eclipse IDE Tomcat Server Debian
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If "cookies" is enabled in the browser, and yet it is NOT sending back a known cookie with the request, then you have a bug in the browser. The HTTP Cookie Wikipedia article speaks to how the browsers are supposed to implement cookies, with links to the actual specs that define the behavior.

If a browser doesn't implement this, it doesn't fully speak HTTP 1.1.
 
Ranch Hand
Posts: 112
Oracle Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


the things we need to understand that :

->working with Cookies is one of the ways used for session tracking.
->Cookies come to client along with the response as "set-cookie" ->response header values.
->similarly,Cookies go back to web application along with the request as " cookie"->request header values.
programmer creates cookies at server side by using servlet/Jsp kind of web resource program,but thy come to client side along with the response for allocating memory.
these cookies go back to their web application when request i given to that web application from browser window.(client).

the main disadvantage with cookies is:

cookies can be restricted coming to browser window from websites,this fails session-tracking.

so its all depends upon the setting done in your(client side)browser window.

example in Internet Explorer :you can block cookies
tools(menu)------>Internet options------->privacy(tab)---------------->select the block all cookies

and so on.. in any such browsers........

so we cant assure that cookies are sent to the respective we application if you block them in the client side browser window.it totally depends on settings done in the browser just like other settings like enabling or disabling javascript in the client side browser etc.......

to over come this problem we work with HttpSession with cookies. this session tracking takes place using HttpSession object(class implementing HttpSession interface.. to know that class we can use ses.getClass() method where here "ses" is the object of the class which is implementing HttpSession interface).

HttpSession object allocates memory on the server on per browser window basis and remembers client data across multiple request during a session as session attribute values.but they must get request from that browser window for which HttpSession object is created.
every HttpSession object contains session-id and this technique uses" In-memory cookie " to send session from webapplication from browser window to web application.

There are two kinds of cookies, as follows:

In-memory cookies: An in-memory cookie goes away when the user shuts the browser down.

Persistent cookies: A persistent cookie resides on the hard drive of the user and is retrieved when the user comes back to the Web page.

while working with HttpSession based session tracking technique,server sends session-id to browser window and the browser window(client side) is identified across the multiple request during a session based on session-id.

hope this is useful.






 
reply
    Bookmark Topic Watch Topic
  • New Topic