开发者

Manage Session when broswer has disable cookies

开发者 https://www.devze.com 2022-12-12 05:54 出处:网络
I wants to know that How can i Manage Session if the client browser has disabled cookie feature.开发者_高级运维.

I wants to know that How can i Manage Session if the client browser has disabled cookie feature.开发者_高级运维.

If I wants to implement it in simple JSP - Servlet, then how can I do that ?

Thanks in advance...


Without cookies, you have two options. The first is passing a sessionId through Urls. This requires a lot of work on the server because every url you send back must have a sessionId appended to it (usually in the form of a query string parameter). For example:

/path/to/page

becomes

/path/to/page?sessionid=ASDFG-ASDFG-ASDFG-ASDFG-ASDFG

The other option you have would be to combine what information you have via http into a "unique" key and create your own session bucket. By combining the Http UserAgent, RemoteIp and RemoteXfip you can get close to uniquely identifying a user, but there is no guarantees that this key is 100% unique.


In the JSP side, you can use JSTL's <c:url> for this.

<a href="<c:url value="page.jsp" />">link</a>

Easy as that. It will automagically append the jsessionid when cookies are disabled.

In the Servlet side you need HttpServletResponse#encodeURL() or -usually the preferred one inside Servlets- HttpServletResponse#encodeRedirectURL() for this.

response.sendRedirect(response.encodeRedirectURL("page.jsp"));


url rewriting

http://www.developertutorials.com/tutorials/java/implement-session-tracking-050611/page5.html


Each URL must be encoded using response.encodeURL("page.jsp")

This will add the Session ID onto the end of each URL so cookies do not have to be enabled.

Note that you will have to do this manually for every single URL in order for it to work.

See this link for more info.

0

精彩评论

暂无评论...
验证码 换一张
取 消