All geek questions in one place

Session tracking using the Httpsession object if cookies are disabled in the browser

How can we manage the session object if cookies are disabled? How is url encoding used for this?

+4
source share
5 answers

The servlet container will handle this for you. If you look at the URL the first time you put your site, it will use rewriting the URL to add the JSESSIONID to the URL.

This is because the first time the server responds to the client, it does not know if the client supports cookies or not. He also wrote a cookie with a session identifier, so in the second request he checks the cookie, and if it stops using re-writing the URL, if it is not running.

+5
source

You should use encodeRedirectURL in the response object, please refer to this blog, this will help you.

http://mytechbites.blogspot.com/2009/08/servlet-session-management-when-cookies.html

+1
source

it adds jSessionId at the end of the url to request a map with the session, you may also need to configure your server

0
source

Use HttpServletResponse.encodeURL () to add jsessionid to your url but is considered harmful .

0
source

Find more information here.

HTTP sessions are the recommended approach. A session defines requests that originate from a single browser during a conversation period. All servlets can use the same session. JSESSIONID is generated by the server and can be transmitted to the client via cookies, URL rewriting (if cookies are disabled) or the built-in SSL mechanism. Care must be taken to minimize the size of the objects stored in the session, and the objects stored in the session must be serialized. In a Java servlet, a session can be obtained as follows:

HttpSession session = request.getSession (); // returns the current session or a new session

Sessions can be disconnected (configured in web.xml) or manually invalid.

0
source

Source: https://habr.com/ru/post/1386484/

More articles:


All Articles