HttpSession, cookies & URL rewriting

I have a web application running under Tomcat which uses the HttpSession object to track users' sessions.  The application is made up of some static HTML pages (for example, a frameset which contains a navigation menu) and servlets - not JSPs.

In my login servlet I use:

HttpSession s = request.getSession(true);

to establish the session and store some values such as UserID.

In other servlets, I use:

HttpSession s = request.getSession(false);

then I check if (s == null) which would mean there is no session, which means the user is not logged in.  If (s != null) I check some attributes of the session and proceed from there.

I have run into a problem where if the user does not have cookies enabled, the sessions are not being tracked, and therefore my "other" servlets think a user is not logged in, when in fact they have successfully logged in.  When cookies are enabled, everything is working properly.

My question is this:

If a user does not have cookies enabled, should the HttpSession object *automatically* use URL rewriting?  Is this something that I must set or configure in server.xml or web.xml?

If this functionality is not automatic (it doesn't seem to be, at least not the way Tomcat is configured now), how can I use the HttpSession object to track sessions without using cookies?

Thanks in advance for your assistance.





smiley_stratAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mick BarryJava DeveloperCommented:
> should the HttpSession object *automatically* use URL rewriting?

session really doesn't have anything to do with it

>  Is this something that I must set or configure in server.xml or web.xml?

Depends on your container

> how can I use the HttpSession object to track sessions without using cookies?

you don't use the session, you need to include the sessionid in *all* links on your site using encodeURL()

http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpServletResponse.html#encodeURL(java.lang.String)

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Java EE

From novice to tech pro — start learning today.