User sessions and cookies. How does an application server do it?

Discussion in 'Java' started by Andrea Desole, Apr 12, 2005.

  1. A usual way to check if the browser supports cookies is to set a cookie
    (using either JavaScript or server side Java code), and then to check
    that a cookie is set. However, an application server is supposed to do
    the same check, since it has to decide if the session id has to be
    stored in a cookie or as a request parameter in the url.
    Since the application server doesn't add any JavaScript to the page, the
    only way would be to set a cookie when the first page is loaded,
    redirect to a second page, and check on the second page that the cookie
    is there. That looks unlikely.
    I would be curious to know how an application server solves this
    problem. I found nothing in the W3C specs that gives me a hint.
    Anyone has an idea?
    Andrea Desole, Apr 12, 2005
    1. Advertisements

  2. Andrea Desole

    Wendy S Guest

    You'll probably have more luck in the Servlet specification or in the source
    code for Tomcat.

    What seems to happen is that the server sets a cookie on the first page, and
    rewrites all the URLs on that page with ;jsessionid appended. On the next
    request, it checks for the cookie, but if it's not there, the server can
    still get the session ID from the end of the URL. If the cookie was
    present, it stops rewriting the URLs, if not, it continues doing so.

    Just my guess based on observation, it works so I haven't delved into
    exactly HOW it works.
    Wendy S, Apr 12, 2005
    1. Advertisements

  3. yes, I thought about looking at the code
    mmm, that means that you always have the session id in the second url,
    which indeed seems to be the case. I'll look at it.
    :) I understand. It's just that I looked at how to check if cookies are
    enabled, and I thought that probably a server use an easier solution,
    which I don't know. We also had a strange issue here (session cookie was
    set on mozilla but not on IE, and a new session was created each time),
    that really made me wonder how the thing works.
    I'm now simply using isRequestedSessionIdFromCookie() to check that
    cookies are supported, and it works, but I'm still curious.
    Andrea Desole, Apr 12, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.