Re: session tracking without cookies

Wed, 19 May 1999 20:14:27 -0700 

Dmitry Melekhov wrote:

> > >
> > > I think the question was: is it possible to turn the generation of
> cookies
> > > off and use _always_ URL encoding since cookies annoy many users. I
> think
> > > in JWS, this is an option; a quick glance in the jserv-sources reveals,
> > > that it always sends a cookie on session creation. Should this be
> > > switchable ?
> > >
> >
> > In Apache JServ 1.0, it is not currently switchable, but it will be in the
> 1.1 version
> > which is currently in development.
> >
> > If cookies are turned off in the client, the server falls back to using
> URLs anyway.
>
> No :( If I turn coockies off, there is no sessions :(( I use 1.0b4
>

Are you doing the encodeUrl() calls?  If you're not, there's no way for
URL-rewriting-based session management to work.

If you are, something else wierd is going on.  Could you try using the
SnoopServlet example from the JSDK to see if it works correctly?


>
> > The only possible "annoynamce" would be for users who have their browser
> set to "warn
> > me before you accept a cookie."  But you still have to call encodeUrl() as
> stated in
> > the servlet spec for this to do any good.
>
> There is another reason for use session id in url- in another window of
> browser may
> be another session. It is critical for intranet apps, imho.
>
> Is there any downloadable snapshot of 1.1 ?
>

I will publish some instructions on the web site in the next couple of weeks.
 It will not be for the faint of heart -- you have to be pretty knowledgable to
build it -- but the stuff that has been built so far seems to work pretty
well.  The largest major missing piece is that it's not integrated with Apache
at this point -- it runs standalone like the JSDK servlet runner does.

>
> Dmitry Melekhov
> (aka 2:5050/11.23@fidonet)
> http://www.aspec.ru/~dm
>

Craig McClanahan




-- --------------------------------------------------------------
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
READ THE FAQ!!!!     <http://java.apache.org/faq/>
Archives and Other:  <http://java.apache.org/main/mail.html/>
Problems?:           [EMAIL PROTECTED]

Reply via email to