Interesting. I will try again using the browser warnings. Maybe I was missing
something.
I just confirmed with the person who spoke with the support dept there that they
said that they are not using cookies....but maybe there was miscommunication.
Carles Pi-Sunyer wrote:
> My experience with weblogic is that it does use cookies to track
> sessions. You can watch the cookies being placed by setting your browser
> to warn you before accepting cookies. If the browser does not accept
> cookies and you have wrapped all the hrefs in encodeURL, weblogic will
> then use url rewritting to track sessions.
>
> A related problem that bit me was how netscape views servers. Weblogic
> defaults to using port 7001 for http and port 7002 for https. Netscape
> treats requests to specified ports as coming from different servers,
> which means that it will not send back the session cookie as you switch
> between http and https while using the defaults for weblogic. If you run
> weblogic on the standard ports, (80 for http, and 443 for https) and do
> not specify ports in your request, netscape will treat both protocols as
> having come from the same server and return the session cookies
> regardless of what protocol made the request. IE doesn't have this
> problem. It will return cookies to all ports from the same server.
>
> Carles
>
> Tom Preston wrote:
> >
> > I checked for cookies being written as I was testing sessions using the weblogic
> > application server.
> >
> > I was surprised to find that a different browser invokation was not putting me into
> > the same user
> > session (if this was being done with cookies,, it seemed that it should have). I
> > started poking around
> > and couldn't find any cookies on the client. We sent a msg to weblogic support to
> > find out about
> > implementation and I believe that they replied that they were not using cookies to
> > support sessions.
> > I will see if I can dig up some real facts about implementation there.
> >
> > Mike Engelhart wrote:
> >
> > > Tom Preston wrote:
> > >
> > > > They figure out who you are in diff ways. Can't remember details, but I
> > > > recall
> > > > that client
> > > > ip address is part of it.
> > > I'm pretty sure that can't be right. IP addresses aren't guaranteed at all
> > > - they can be spoofed or if the user is coming from behind a proxy server
> > > their IP address could be anything.
> > >
> > > Mike
> > >
> > > ===========================================================================
> > > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
> > > FAQs on JSP can be found at:
> > > http://java.sun.com/products/jsp/faq.html
> > > http://www.esperanto.org.nz/jsp/jspfaq.html
> >
> > --
> > Tom
> >
> > Thomas Preston
> > Vacation.com, Inc.
> > Engineering Department
> > 617.210.4855 x 124
> >
> > ===========================================================================
> > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
> > FAQs on JSP can be found at:
> > http://java.sun.com/products/jsp/faq.html
> > http://www.esperanto.org.nz/jsp/jspfaq.html
>
> ===========================================================================
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
> FAQs on JSP can be found at:
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
--
Tom
Thomas Preston
Vacation.com, Inc.
Engineering Department
617.210.4855 x 124
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
