Manage Session when broswer has disable cookies

Question

I wants to know that How can i Manage Session if the client browser has disabled cookie feature..

If I wants to implement it in simple JSP - Servlet, then how can I do that ?

Thanks in advance...

Answer 1

Without cookies, you have two options. The first is passing a sessionId through Urls. This requires a lot of work on the server because every url you send back must have a sessionId appended to it (usually in the form of a query string parameter). For example:

/path/to/page

becomes

/path/to/page?sessionid=ASDFG-ASDFG-ASDFG-ASDFG-ASDFG

The other option you have would be to combine what information you have via http into a "unique" key and create your own session bucket. By combining the Http UserAgent, RemoteIp and RemoteXfip you can get close to uniquely identifying a user, but there is no guarantees that this key is 100% unique.

Answer 2

In the JSP side, you can use JSTL's <c:url> for this.

<a href="<c:url value="page.jsp" />">link</a>

Easy as that. It will automagically append the jsessionid when cookies are disabled.

In the Servlet side you need HttpServletResponse#encodeURL() or -usually the preferred one inside Servlets- HttpServletResponse#encodeRedirectURL() for this.

response.sendRedirect(response.encodeRedirectURL("page.jsp"));