My experience with weblogic is that it does use cookies to track
sessions. You can watch the cookies being placed by setting your browser
to warn you before accepting cookies. If the browser does not accept
cookies and you have wrapped all the hrefs in encodeURL, weblogic will
then use url rewritting to track sessions.
A related problem that bit me was how netscape views servers. Weblogic
defaults to using port 7001 for http and port 7002 for https. Netscape
treats requests to specified ports as coming from different servers,
which means that it will not send back the session cookie as you switch
between http and https while using the defaults for weblogic. If you run
weblogic on the standard ports, (80 for http, and 443 for https) and do
not specify ports in your request, netscape will treat both protocols as
having come from the same server and return the session cookies
regardless of what protocol made the request. IE doesn't have this
problem. It will return cookies to all ports from the same server.
Carles
Tom Preston wrote:
>
> I checked for cookies being written as I was testing sessions using the weblogic
> application server.
>
> I was surprised to find that a different browser invokation was not putting me into
> the same user
> session (if this was being done with cookies,, it seemed that it should have). I
> started poking around
> and couldn't find any cookies on the client. We sent a msg to weblogic support to
> find out about
> implementation and I believe that they replied that they were not using cookies to
> support sessions.
> I will see if I can dig up some real facts about implementation there.
>
> Mike Engelhart wrote:
>
> > Tom Preston wrote:
> >
> > > They figure out who you are in diff ways. Can't remember details, but I
> > > recall
> > > that client
> > > ip address is part of it.
> > I'm pretty sure that can't be right. IP addresses aren't guaranteed at all
> > - they can be spoofed or if the user is coming from behind a proxy server
> > their IP address could be anything.
> >
> > Mike
> >
> > ===========================================================================
> > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
> > FAQs on JSP can be found at:
> > http://java.sun.com/products/jsp/faq.html
> > http://www.esperanto.org.nz/jsp/jspfaq.html
>
> --
> Tom
>
> Thomas Preston
> Vacation.com, Inc.
> Engineering Department
> 617.210.4855 x 124
>
> ===========================================================================
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
> FAQs on JSP can be found at:
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
