Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Httpsession

 
srikanth darbha
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HttpSession internally uses cookies and after disabling it, still working: how?
 
srikanth darbha
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Does HttpSession internally uses cookies if yes how?please anyone provide me the feedback
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34973
379
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HttpSession doesn't have to use cookies. The JSESSIONID can be passed as a parameter in the URL instead. In general, this is less secure as it is easier to capture the URL. And therefore another user's session.
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13074
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
srikanth darbha wrote:HttpSession internally uses cookies and after disabling it, still working: how?


Exactly how did you "disable" cookies?

Why do you think "still working"?

Bill
 
srikanth darbha
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Jeanne Boyarsky wrote:HttpSession doesn't have to use cookies. The JSESSIONID can be passed as a parameter in the URL instead. In general, this is less secure as it is easier to capture the URL. And therefore another user's session.


thanks
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic