tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Naga Yerramsetti <n...@tems.com>
Subject Re: Session Tracking
Date Wed, 31 May 2000 16:12:23 GMT
I think both techniques will work if server support URL rewriting.
Otherwise, if server won't support URL Rewriting, with each request  I think  the session
would expire if the session id won't come from a cookie and a new session would be created

Arion wrote:

> Hi!
>
> Isn't the HttpServletResponse.encodeURL already did the job well?
>
> Arion
>
> Jeff Rhines wrote:
>
> > How about this:  do the URL encoding yourself, putting the session id into
> > the URL just as the dev kit is supposed to.  It's not the retrieving the
> > session from an id that is broke, just the encodeURL, correct?  So if one
> > were to provide the id in all cases, would that work?
> >
> > Just an after-dinner thought,
> >
> > Jeff
> >
> > > -----Original Message-----
> > > From: Alexandros Kotsiras [mailto:kotsiras@mediaondemand.com]
> > > Sent: Tuesday, May 30, 2000 12:29 PM
> > > To: tomcat-user@jakarta.apache.org
> > > Subject: RE: Session Tracking
> > >
> > >
> > > You will have to use the HttpSessionContext Interface which
> > > allows you to
> > > get a session object from the sessionID.
> > > The problem is that this approach was deprecated in the 2.1
> > > API because
> > > probably it is a security risk to retrieve sessions given a
> > > session ID.
> > > Unfortunatelly there is no other way, and it seems that the
> > > Servlet Engine
> > > HAS to support URL rewriting , otherwise session tracking with cookies
> > > disabled is imposible.
> > > I hope that URLRewriting will be supported in the next
> > > version of Tomcat.
> > > It's strange that it is not working in the current version because in
> > > JServ1.1 URLRewriting was working fine..
> > >
> > > -----Original Message-----
> > > From: Naga Yerramsetti [mailto:naga@tems.com]
> > > Sent: Tuesday, May 30, 2000 1:01 PM
> > > To: tomcat-user@jakarta.apache.org
> > > Subject: Session Tracking
> > >
> > >
> > > Is there a way to hold a session even if the server won't
> > > support the URL
> > > rewriting and browser doesn't allow cookies.
> > >
> > > Can I include session ID as a hidden parameter and get the
> > > session using
> > > session ID in the next page.
> > > If so, how can I get the session using the sessionID.
> > >
> > > Thanks in advance,
> > > Naga
> > >
> > >
> > > --------------------------------------------------------------
> > > ------------
> > > To unsubscribe, email: tomcat-user-unsubscribe@jakarta.apache.org
> > > For additional commmands, email: tomcat-user-help@jakarta.apache.org
> > >
> > >
> > > --------------------------------------------------------------
> > > ------------
> > > To unsubscribe, email: tomcat-user-unsubscribe@jakarta.apache.org
> > > For additional commmands, email: tomcat-user-help@jakarta.apache.org
> > >
> > >
> > >
> >
> > --------------------------------------------------------------------------
> > To unsubscribe, email: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commmands, email: tomcat-user-help@jakarta.apache.org
>
> --------------------------------------------------------------------------
> To unsubscribe, email: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commmands, email: tomcat-user-help@jakarta.apache.org


Mime
View raw message