okie!! That sounds fine.. But for my requirements. I need the user to login and on login i set his userid in session and also create a cookie for soem random number storage. I do this in my first Action Class which is also checking for Valid user. This works fine till now. but if Cookies are disabled on browser, my random number check fails, in subsequent Action Classes, and i need to logout the user. I need the userid from session, but in this case, the userid i get is also null! In fact, if i print the jsessionid, it is also different, although i have request.getSession(false) in my subsequent Action Classes. Why wud this be happening??
On 1/17/06, Craig McClanahan <[EMAIL PROTECTED]> wrote: > > On 1/16/06, Christian Bollmeyer <[EMAIL PROTECTED]> wrote: > > > > Craig McClanahan schrieb: > > > On 1/15/06, Deepa Khetan <[EMAIL PROTECTED]> wrote: > > >> Hi! > > >> My application requires, "per-session cookie" to be enabled on client > > >> browser. How can i determine in my java code if it is enabled or not! > > >> Deepa > > > > > > There is only one test that is useful for this ... set a cookie on one > > > response, and see if that cookie comes back in on the subsequent > > request. > > > There is absolutely no way to know, from a current request, whether or > > not > > > cookies are enabled for *your* webapp. > > > > > Craig McClanahan > > > > Hm. So I understand request.isRequestedSessionIdFromCookie() is > > presumed to be useless, then? > > > Not true ... it tells you about the state of *this* request ... did the > client send in a cookie containing the requested session id. Indeed, the > container uses this knowledge (on the second and subsequent request of a > session, to know that it can skip the URL rewriting part. > > Why exactly? > > > Consider the very first request that comes in to an application, before > there is a session created yet. There will not be a session id cookie > even > if the client has cookies enabled, because there has never *been* a > session > yet. On the request that creates the session, then, the container will > send > the session id both ways (as a cookie and with rewriting), and then sees > which way it comes back in. > > For application cookies, you are in the same position -- there is no way > to > know ahead of time whether the client has cookies enabled (or if the user > has "warn me on cookie setting" turned on, and might choose to not allow > *this* particular cookie). The only recourse is to set the cookie on one > response and see if it comes back on a later request. > > -- Chris. > > > Craig > >
