Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Supporting Sessions Without Cookies in Tomcat

Tags:

java

cookies

session

tomcat

I am currently running an application with the following properties:

  • Java-based with Spring and Acegi
  • Running on Tomcat 5

I need the ability to support user sessions without cookies. Could someone please point me in the right direction.

Thank you.

like image 685
Zakir Hemraj Avatar asked Jan 12 '09 19:01

Zakir Hemraj

People also ask

Is it possible to use session without cookies?

You can also login without Cookies only by Session Id and Time, but you have to write them both in your Database direct after Successful Login. I have in index. php something like this that will always generate a new session id based on time and the old session id if conditions are not verified.

How do you handle Sessions without cookies?

The HTTP POST method provides an alternative to cookies to maintain session state. The HTTP POST method provides the same state information as would a cookie but has the advantage that it works even when cookies are not available. This method is not common in practice, but it is a good example to learn from.

How does Tomcat maintain session?

In session management, Tomcat creates a session id whenever client's first request gets to the server (However, other servlet containers may behave differently). Then it inserts this session id into a cookie with a name JSESSIONID and sends along with the response.

Is session dependent on cookie?

Sessions are cookies dependent, whereas Cookies are not dependent on Session. The session ends when the user closes the browser or logout from the application, whereas Cookies expire at the set time. A session can store as much data as a user want, whereas Cookies have a limited size of 4KB.

1 Answers

The complete answer to this question is a combination of all your responses, so I'm going to summarize:

  1. There is no need to set cookies="false" in the context.xml file. The ideal functionality is for tomcat to use it's url-based session identification, which will be used by default if cookies are not supported by the user.

  2. When a user doesn't have cookies enabled, tomcat will identify the session by the "JSESSIONID" parameter from the url of the request. A couple sample urls are as follows http://www.myurl.com;jsessionid=123456AFGT3 http://www.myurl.com;jsessionid=123456AFGT3?param1=value&param2=value2 Notice how the session id is not part of the url query string (this is a j2ee standard)

  3. In order to ensure the jsessionid parameter gets appended to all your request URLs, you can't have plain url references. For example, in JSTL, you have to use < c:url>. The servlet engine will then automatically append the jsessionid to the url if it is necessary. Here's an example:

    <%--this is bad:--%> < a href="page.html">link< / a>

    <%--this is good:--%> < a href="< c:url value='page.html'/>">link< / a>

like image 169
Zakir Hemraj Avatar answered Sep 23 '22 16:09

Zakir Hemraj
Sign in to Comment

Related questions

Spring AOP CGLIB proxy's field is null
Can I "use" Java 8 with Android Development now?
How to convert java.util.stream.Stream<Something> into kotlin.Sequence<Something>
Why doesn't Stream#reduce implicitly accept an accumulative function handling super type elements?
How to deserialise a subclass in Firebase using getValue(Subclass.class)
How to locate a span with a specific text in Selenium? (Using Java)
Spring Boot Integration Testing with mocked Services/Components
Unable to set runtime Local Server Port in Spring Boot Test 1.5
I used Glide library to load image into imageView and I don't know how to make image pinch to zoomable
EditorConfig in Android Studio
Exporting a package from system module is not allowed with --release
Idiomatically creating a multi-value Map from a Stream in Java 8
Where is the "server log" for Tomcat when running externally from IntelliJ Ultimate?
Get the extension from a MimeType
How do I sum the values in a Reactor Flux stream?
How to deny access to all URLs by default?
NULL safe object checking in JAVA 8
Why is deletion of an item at end of Dynamic array O(n) time complexity?
Video Thumbnails in Java
Why does my application still run after closing main window?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!