views:

113

answers:

2

Can anybody explain the following:

The unique JSESSIONID generated by the server for every client is exchanged between the client and server using Hidden form field

Thanks

+1  A: 

This is not true. It's been exchanged as a cookie.

Cookies are specified in the HTTP request and response headers. To see it yourself, use some tool with which you can view those headers, such as for example Firebug or Firefox Web Developer Toolbar.

Maybe you confused it with the "view state" which some MVC frameworks indeed passes as a hidden input field.

BalusC
+2  A: 

What server technology is this? Technically, you could do some form of session tracking if a form was posted every request, but I've never seen someone attempt this. It isn't something in any JEE API I've come across.

The Servlet specification only lists three session tracking mechanisms: HTTP cookies; SSL sessions; and URL rewriting.

McDowell