I have read that if cookies r disabled on client side then the Session API in servlet
will be using URL rewriting to pass the sesssion id back and forth and all this will be
done automatically.
SO Session API will work even if client has disabled cookie.
I am not sure whether it really happens or not.
Khem Chand
Hendrik Schreiber wrote:
> Hi!
>
> URL rewriting means that a URL in a page, that your JSP or servlets produces, is
> encoded with the method response.encodeURL(String yourURL).
>
> So in a JSP instead of writing:
> <a href="someURL">target</a>
>
> you should write:
> <a href="<%=response.encodeURL("someURL")%>">target</a>
>
> pretty much the same applies to servlets.
>
> And that is exactly the limitation: you have to rewrite every single URL you
> produce!
> The session id is sent back from the client to the server by clicking on the
> encoded link.
> Contrary to Cookies, URL rewriting does not make use of headers.
>
> If you want to make sure everybody out there shall be able to use your application,
> use URL rewriting where necessary (see request.isRequestedSessionIdFromURL() and
> request.isRequestedSessionIdFromCookie()).
>
> If you don't want to go through the hassle, just use cookies and tell you users to
> accept them. IMHO they are absolutely no scurity risk.
>
> -hendrik
> - - - - - - - - - - - - - - - - - - - - - - - - - - -
> tagtraum industries http://www.tagtraum.com/
> jo! small&smart 2.2 servletengine
> Java Server & Servlets The web-application book
> The WebApp Framework http://www.webapp.de/
>
> Joe Hanink wrote:
>
> > Questions about URL Rewriting:
> >
> > what exactly is this and how is it done?
> > what does the server do, and what is programmed?
> >
> > i've read that sessions tied to cookies can fail due to client side
> > settings. url-rewriting was indicated as the workaround.
> >
> > do you build an adapted url or is it automated by some setting?
> > does the client app pass its session id with every request, via some header?
> >
> > finally, what are the limitations of url-rewriting... that is, what are the
> > failure modes (e.g. user clicks back button?)
> >
> > ===========================================================================
> > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
> > Some relevant FAQs on JSP/Servlets can be found at:
> >
> > http://java.sun.com/products/jsp/faq.html
> > http://www.esperanto.org.nz/jsp/jspfaq.html
> > http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> > http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
>
> ===========================================================================
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets