views:

241

answers:

4

Hello All...

I wants to know that How can i Manage Session if the client browser has disabled cookie feature..

If I wants to implement it in simple JSP - Servlet, then how can I do that ?

Thanks in advance...

+2  A: 

Without cookies, you have two options. The first is passing a sessionId through Urls. This requires a lot of work on the server because every url you send back must have a sessionId appended to it (usually in the form of a query string parameter). For example:

/path/to/page

becomes

/path/to/page?sessionid=ASDFG-ASDFG-ASDFG-ASDFG-ASDFG

The other option you have would be to combine what information you have via http into a "unique" key and create your own session bucket. By combining the Http UserAgent, RemoteIp and RemoteXfip you can get close to uniquely identifying a user, but there is no guarantees that this key is 100% unique.

LorenVS
what will happen if I press F5 in my browser for second option?
S.Mark
since the user agent, remoteIp and remoteXfip are all sent to the server on all requests, you could create the same "unique" key and seek into your session bucket. Thats the advantage of the second solution, it doesn't require any changes to website structure or url structure
LorenVS
+2  A: 

Each URL must be encoded using response.encodeURL("page.jsp")

This will add the Session ID onto the end of each URL so cookies do not have to be enabled.

Note that you will have to do this manually for every single URL in order for it to work.

See this link for more info.

Phill Sacre
+1  A: 

In the JSP side, you can use JSTL's <c:url> for this.

<a href="<c:url value="page.jsp" />">link</a>

Easy as that. It will automagically append the jsessionid when cookies are disabled.

In the Servlet side you need HttpServletResponse#encodeURL() or -usually the preferred one inside Servlets- HttpServletResponse#encodeRedirectURL() for this.

response.sendRedirect(response.encodeRedirectURL("page.jsp"));
BalusC