See below.

Denis Bucher wrote:

> Hello !
>
> Maybe my message is too obvious to get answers, in that case I would
> appreciate (if no answers) at least some pointer or... Well any hint :-))
>
> Denis
>
> -------- Original Message --------
>
> Hello !
>
> I want to implement session IDs, but the best way. It's in a non-password
> environment, simply a "hello dear client, we recognized you".
> I therefore have some questions :
>
> 1) To sort with-cookies and without-cookies browsers/users, we have to
>    - do a reload from the servlet to the servlet with cookies, test if
>      cookies are enabled, and if not work with IDs in the URL (?)
>

The standard session management facilities of the servlet API do this all for
you.  The first response to the user will have the session ID in both encoded
URLs and in a cookie.  If the client sends a cookie in on the next request, the
servlet engine sees that cookies are enabled, and stops encoding URLs.  If the
cookie does not come back in, encoding must continue.

The only requirement to support non-cookie based sessions is that you call
response.encodeURL() around every hyperlink you generate that points back into
your application.  There are examples of this in pretty much any of the servlet
books that have been published.  In addition, check out the "Servlet Trail" in
the Java Language Tutorial at <http://java.sun.com/docs/books/tutorial>.

>
> If this is correct : I think the first hit is on the servlet *being* the
> *homepage* and the second on the servlet with an url like
> http://host/servlets/sessionserv?testsession
>
> If yes, how to see the url that was used ?
>

Just like seeing any other URL -- request.getRequestURI().

>
> 2) Then, each ID identifies one client, with a name and sometimes with
>    an address. I suppose this has to be put into the database... (?)
>
> What is the cleanest way to do it ?
>

The session identifier is not going to tell you who the individual person is.
It will only tell you that this request came from the same user (well, really
the same client browser) as all the other requests in this session.  You will
not be able to do that without asking them to log in.

>
> More than questions, are my affirmations correct ?
>
> Denis
>

Craig McClanahan
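
An added example, not part of the original message or of the books and tutorial it mentions: a minimal servlet that lets the container manage the session, wraps a link in response.encodeURL(), and reads request.getRequestURI(). The class name SessionDemoServlet and the "visits" attribute are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet for illustration; class and attribute names are assumptions.
public class SessionDemoServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // The container creates the session and issues the ID (cookie and/or URL).
        HttpSession session = request.getSession(true);

        // Per-session state lives on the server; the ID is only a lookup key
        // and says nothing about who the person is.
        Integer visits = (Integer) session.getAttribute("visits");
        visits = (visits == null) ? 1 : visits + 1;
        session.setAttribute("visits", visits);

        // encodeURL() appends the session ID only while the container has not
        // seen the cookie come back; otherwise it returns the URL unchanged.
        String next = response.encodeURL(request.getRequestURI());

        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        out.println("<html><body>");
        out.println("<p>Requested URI: " + escape(request.getRequestURI()) + "</p>");
        out.println("<p>Visits in this session: " + visits + "</p>");
        out.println("<p>New session: " + session.isNew() + "</p>");
        out.println("<p>ID arrived in cookie: " + request.isRequestedSessionIdFromCookie() + "</p>");
        out.println("<p>ID arrived in URL: " + request.isRequestedSessionIdFromURL() + "</p>");
        out.println("<p><a href=\"" + escape(next) + "\">Reload</a></p>");
        out.println("</body></html>");
    }

    // Minimal HTML escaping so request-derived text is never written raw.
    private static String escape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;")
                .replace(">", "&gt;").replace("\"", "&quot;");
    }
}
```

A session ID carried in the URL also lands in browser history, server logs and Referer headers, so such URLs should be handled as carefully as the session itself.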
