John Evershed wrote:
> Cookies are the easiest way to maintain session state.
>
> BUT, if you depend on cookies, you run the risk of the
> client browser either not being capable of accepting
> cookies or the browser user deliberately turning cookies
> off.
>
> When this happens, you probably end up creating new session
> each time that user accesses a page in your application -
> this could add up to a lot of useless object clutter in your
> VM (as the new sessions cannot ever be used).
>
> Does anyone have a comment on the advisability of the
> following solution?... [snipped mechanism to tell the user they need
> cookies]
The Servlet API does offer a standard approach to using sessions even when the
browser does not have cookies enabled. It is called URL rewriting. This
allows you to presume support for sessions without worrying about whether or
not cookies are actually being used "under the covers". The only additional
responsibility you need to do is call HttpServletResponse.encodeUr() for each
URL that your servlet generates that points back to this application.
If you really want to not support the user when cookies are disabled, just use
getSession(false) in your subsequent pages (i.e. once you are past the "home"
page of the site). If this returns null (because no session id cookie was
retunred), you can do your error page thing, and not worry about creating lots
of useless sessions.
Craig McClanahan
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
