Most session are based on cookies,like php/jsp
But as for mobile devices,there are quite a few that doesn't support cookies.
How to generate a unique indentify for each user in the same corporation that uses the same IP address?
Most session are based on cookies,like php/jsp
But as for mobile devices,there are quite a few that doesn't support cookies.
How to generate a unique indentify for each user in the same corporation that uses the same IP address?
When cookies fail, an ol' good query string comes to the scene. Less secure, yes, but you have no choice anyway. You can refer to php session manual for the details
session_regenerate_id(); // get a new session id
if session cookies are enabled, use of session_regenerate_id() will also submit a new session cookie with the new session id.
Both PHP and JSP supports session tracking through URL's.
In PHP you just have to pass session_id()
as a PHPSESSID
request parameter through forms as hidden input element and links as part of query string.
<form action="page.php">
<input type="hidden" name="PHPSESSID" value="<?= session_id() ?>">
...
</form>
<a href="page.php?PHPSESSID=<?= session_id() ?>">link</a>
The PHP engine will automatically scan for it and apply it in cookieless sessions.
In JSP it's called "URL rewriting" (which has a quite different meaning in PHP / Apache HTTPD world). In the view side, you can make use of JSTL <c:url>
to rewrite the URL if necessary (it will automatically detect the need).
<form action="<c:url value="page.jsp">">
...
</form>
<a href="<c:url value="page.jsp">">link</a>
In the controller-side, when doing a server-side redirect inside the same context, you need to run HttpServletResponse#encodeRedirectURL()
on the URL before doing sendRedirect()
.
response.sendRedirect(response.encodeRedirectURL("page.jsp"));
Either way, it will automatically append jsessionid
to the URL, in the following syntax:
/page.jsp;jsessionid=5AE12D39BCE87F61029876BF1AA28
The servletcontainer will automatically scan for it and apply it in cookieless sessions.