Manage sessions without the use of cookies

The importance of the sessions in the implementation of dynamic web applications is crucial as they allow us to maintain state between client and server. This need is dictated by the fact that the HTTP protocol being stateless by nature, it loses any information about the client as soon as the request ends to serve.

Maintain a state, therefore, is essential in many cases, as transactions in a shopping cart, log into a website and many other functions that are currently implemented in different contexts that require web and track the actions by the client to Hilti.

This is made ​​possible, in fact, the session is simply an alphanumeric string generated by the server that identifies a connection to the client for a certain period of time.
At first the client's request, the server sends a cookie to the browser that contains the lightweight 'session ID on the request. In this way, for each subsequent operation of the browser is sent the ID contained in the cookie and the server keeps track of things that 'make the website user. This type of cookie is destroyed when you close the browser page.

In this short guide will explain how to act, with the JSP, if a user has disabled cookies in your browser, and then you would find in a series of problems in navigation and null'utilizzo website.

Java Server Pages in a session is simply an instance of HttpSession is created by the server, and passed as a reference to the servlet via the HttpServletRequest object. Let's see how to get a 'resort to' inside of a servlet:

 ....







 protected void processRequest (HttpServletRequest request,



  



 HttpServletResponse response) throws ServletException, IOException {



  



 ...



  



 HttpSession session = request.getSession (true);



  



 ...







 }







 ...

The true value that we pass to the method getSession () indicates when creating the session has not yet been created, otherwise pass false. In a jsp page, but we can directly use the ' implicit session object , which we shall see shortly in a practical example.

Sessions without cookies

Make our web application can not be deferred in respect of cookies, that is able to act the same way regardless of whether cookies are enabled or not is quite easy if you take this into account in the design phase. The technique that I show is called URL-rewriting, and is to append all the links in the pages of our site the session ID using the method encodeURL HttpServletResponse class:

 



 encodeURL public String (String url)

 

The advantage of this method is that the session ID is attached to the links only if cookies are not enabled, otherwise the method does not make any changes to the link. So a necessary condition is to build all the urls (interior of course) by the method of the web encodeURL. It looks like a url if cookies are disabled:

 



 http://localhost/testsession.jsp; jsessionid = fbf1df21c007ffd8f5a73382eb2a

 

• <<
• 1
• 2
• >>