Luther -
We use a session tracking system implemented against the servlet API.
When cookies are available they are used. Otherwise, due to the way we
construct our pages, it is not efficient to use the implemented URL
rewriting. Instead we pass session ID's and construct our own GET or POST
data when we build the page.
I am curious about the differences you see between URL rewriting and passing
hidden variables. From a page creation standpoint the code is doing the same
thing: in a particular string replacing a variable with the session ID. So
the data is passed via GET or POST.
Perhaps there are HTTP header fields that could be leveraged for session ID
use, but I doubt that would be recommended. IP addresses could be used in a
controlled environment but wouldn't work once proxies and AOL were thrown
into the mix.
It really seems to boil down to cookies or rewriting (whether GET or POST).
jason
> -----Original Message-----
> From: A mailing list for discussion about Sun Microsystem's
> Java Servlet
> API Technology. [mailto:[EMAIL PROTECTED]]On Behalf Of
> Luther Andal
> Sent: Wednesday, May 19, 1999 9:08 AM
> To: [EMAIL PROTECTED]
> Subject: Session Tracking
>
>
> I would be very interested in how everyone is Tracking Sessions. I am
> interested in session tracking without cookies and without
> url - rewriting. I
> know that you can used hidden fields but how is everyone out
> there implementing
> Session Tracking?? How are you making your sites secure
> after after a user logs
> in and starts a session and so on... I have read the
> Servlet books out there
> and they do a great job of the basics but I would like to
> hear your solution.
> Please give detail so that we can see your solution in
> detail. Please specify
> if you use Servlet Engine provided session tracking or if you
> developed your
> own.
>
> Thanks,
>
> Luther
>
> ______________________________________________________________
> _____________
> To unsubscribe, send email to [EMAIL PROTECTED] and
> include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources:
http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
