Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Httpsession  RSS feed

 
srikanth darbha
Ranch Hand
Posts: 55
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HttpSession internally uses cookies and after disabling it, still working: how?
 
srikanth darbha
Ranch Hand
Posts: 55
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Does HttpSession internally uses cookies if yes how?please anyone provide me the feedback
 
Jeanne Boyarsky
author & internet detective
Sheriff
Posts: 37242
519
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HttpSession doesn't have to use cookies. The JSESSIONID can be passed as a parameter in the URL instead. In general, this is less secure as it is easier to capture the URL. And therefore another user's session.
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13078
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
srikanth darbha wrote:HttpSession internally uses cookies and after disabling it, still working: how?


Exactly how did you "disable" cookies?

Why do you think "still working"?

Bill
 
srikanth darbha
Ranch Hand
Posts: 55
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Jeanne Boyarsky wrote:HttpSession doesn't have to use cookies. The JSESSIONID can be passed as a parameter in the URL instead. In general, this is less secure as it is easier to capture the URL. And therefore another user's session.


thanks
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!