Re: How does Session object resolve user identity?

[Gokul Singh]

> How does the session know which user is accessing it? Does it resolves the > user identity by IP address or cookie or IP address plus port number ... > etc? It is not based on IP address or Port no. or any combination there of. The server generates a session and an associated unique session id and sends this session id to the client. The client then sends to the server this session id on each subsequent request it makes to the server. The server recognises the client based on this session id. Now there are different ways for the passing of the session id from the server to the client and back. The first one is a cookie.The id is passed to and fro as a cookie. The second method is to put the session id as a part of the url. So any url that you leads to your site has the session id as part of the url. This can be achieved by using the method javax.servlet.http.HttpServletRequest.encodeURL(). More details on this method are given in the API docs. The third method is to use hidden variables in your html. Although in version 2.2 and beyond you can not retrieve a session based on the ID, you can build your own framework to wrap around the servlets session retrival to do that. > The problem is in mobile phones in Japan, cookie is not allowed. Also, there > is usually a gateway hiding the server, so all user will have same IP > address ( but they will have different port number) and if session resolve > by IP address only, then users will have access to other users session > object. I think it is answered above. > > Anthony Mak > Regds, Gokul ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html