smiley_strat
asked on
HttpSession, cookies & URL rewriting
I have a web application running under Tomcat which uses the HttpSession object to track users' sessions. The application is made up of some static HTML pages (for example, a frameset which contains a navigation menu) and servlets - not JSPs.
In my login servlet I use:
HttpSession s = request.getSession(true);
to establish the session and store some values such as UserID.
In other servlets, I use:
HttpSession s = request.getSession(false);
then I check if (s == null) which would mean there is no session, which means the user is not logged in. If (s != null) I check some attributes of the session and proceed from there.
I have run into a problem where if the user does not have cookies enabled, the sessions are not being tracked, and therefore my "other" servlets think a user is not logged in, when in fact they have successfully logged in. When cookies are enabled, everything is working properly.
My question is this:
If a user does not have cookies enabled, should the HttpSession object *automatically* use URL rewriting? Is this something that I must set or configure in server.xml or web.xml?
If this functionality is not automatic (it doesn't seem to be, at least not the way Tomcat is configured now), how can I use the HttpSession object to track sessions without using cookies?
Thanks in advance for your assistance.
In my login servlet I use:
HttpSession s = request.getSession(true);
to establish the session and store some values such as UserID.
In other servlets, I use:
HttpSession s = request.getSession(false);
then I check if (s == null) which would mean there is no session, which means the user is not logged in. If (s != null) I check some attributes of the session and proceed from there.
I have run into a problem where if the user does not have cookies enabled, the sessions are not being tracked, and therefore my "other" servlets think a user is not logged in, when in fact they have successfully logged in. When cookies are enabled, everything is working properly.
My question is this:
If a user does not have cookies enabled, should the HttpSession object *automatically* use URL rewriting? Is this something that I must set or configure in server.xml or web.xml?
If this functionality is not automatic (it doesn't seem to be, at least not the way Tomcat is configured now), how can I use the HttpSession object to track sessions without using cookies?
Thanks in advance for your assistance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.