> >Is there any way to enforce a session cookie (JSESSIONID)to be send > >to the client (browser) from servlet. > > No, because the Servlet Spec says Servlet Container must work even on > clients that don't support cookies (or have cookies turned off, which is > becoming a more and more common use-case).
Session cookies (those that don't persist) are becoming quite common actually because even small devices are able to keep that bit of session state quite easily. Also, device makers want their devices to work on the widest variety of systems, and session cookies are used just about everywhere, whereas URL rewriting is less common. Nost web users allow cookies, and fewer still restrict session cookies that comes from the primary site (as opposed to one generated by those advertising goofs). While the container may not support this enforcement, you could at least warn users using a series of redirects. 1) On first load, if no session cookie exists (or your own session-oriented cookie if you like), add the cookie and redirect to a cookie checker page. 2) If the cookie checker page does not detect the cookie, then it can display a warning/error to the user telling them that session cookies are required to use your site. If it finds the cookie, then it can redirect either back to the main page or to whatever page you want them to go to next since you know they have the cookie. David --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
