gudii9
asked on
servlet state session
Hi,
I was going through the servlet state session tracking topic.
I would like to know the different approaches and the advantages and disadvantages of each approach. Why is URL rewriting better than hidden fields or cookies? I would like to run some practical examples on each of these approaches. Please advise.
Any links, resources, ideas highly appreciated. Thanks in advance
Questions and Answers - Session state.
ASKER
>>>while all three methods involve sending the sessionID in cleartext (unless HTTPS is used),
How is it sent in case of HTTPS?
>>> URL rewriting is that often a user might copy/paste a url and send to someone, and therefore the sessionID has been disclosed
What is the issue if the sessionID is disclosed?
>>> if the user navigates to a different page, the Referer header might be set to the current page's URL (contained the sessionID) and hence this second web server has now got a hold of the sessionId
Can you please elaborate on this?
What is the meaning of the Referer header?
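
The disclosure described in the quoted replies above (a session ID carried in the URL travels with copied links and with the Referer header) is commonly closed off in the servlet container by tracking sessions with cookies only. This is an added example, not part of the thread: it assumes a Servlet 3.0+ container, the javax.servlet namespace (jakarta.servlet on newer containers) and a site served over HTTPS; the class name CookieOnlySessions and the filter name referrerGuard are hypothetical.

```java
import java.io.IOException;
import java.util.EnumSet;
import javax.servlet.*;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: hypothetical listener, not code from the thread.
@WebListener
public class CookieOnlySessions implements ServletContextListener {

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        ServletContext ctx = sce.getServletContext();
        // Track sessions by cookie only, so the container never writes
        // ;jsessionid=... into links, redirects or form actions.
        ctx.setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE));
        SessionCookieConfig cookie = ctx.getSessionCookieConfig();
        cookie.setHttpOnly(true); // not readable from page scripts
        cookie.setSecure(true);   // only sent over HTTPS (assumes an HTTPS site)
        // Register the filter below for every request path.
        ctx.addFilter("referrerGuard", new ReferrerGuard())
           .addMappingForUrlPatterns(null, false, "/*");
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) { }

    static final class ReferrerGuard implements Filter {
        @Override public void init(FilterConfig cfg) { }
        @Override public void destroy() { }

        @Override
        public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest req = (HttpServletRequest) rq;
            HttpServletResponse res = (HttpServletResponse) rs;
            // Ask browsers not to send this site's URLs to other origins.
            res.setHeader("Referrer-Policy", "same-origin");
            // Defence in depth: refuse a session ID presented in the URL.
            if (req.isRequestedSessionIdFromURL()) {
                res.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }
            chain.doFilter(rq, rs);
        }
    }
}
```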