• Post Reply Bookmark Topic Watch Topic
  • New Topic

Httpsession  RSS feed

 
Ranch Hand
Posts: 56
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HttpSession internally uses cookies and after disabling it, still working: how?
 
srikanth darbha
Ranch Hand
Posts: 56
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Does HttpSession internally uses cookies if yes how?please anyone provide me the feedback
 
author & internet detective
Marshal
Posts: 38390
649
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HttpSession doesn't have to use cookies. The JSESSIONID can be passed as a parameter in the URL instead. In general, this is less secure as it is easier to capture the URL. And therefore another user's session.
 
Author and all-around good cowpoke
Rancher
Posts: 13078
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

srikanth darbha wrote:HttpSession internally uses cookies and after disabling it, still working: how?



Exactly how did you "disable" cookies?

Why do you think "still working"?

Bill
 
srikanth darbha
Ranch Hand
Posts: 56
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Jeanne Boyarsky wrote:HttpSession doesn't have to use cookies. The JSESSIONID can be passed as a parameter in the URL instead. In general, this is less secure as it is easier to capture the URL. And therefore another user's session.



thanks
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!