<div>
<a href="http://www.oracle.com/technetwork/java/session-state-140543.html" rel="ugc">Questions and Answers - Session state</a>.
</div>


Questions and Answers - Session state [http://www.oracle.com/technetwork/java/session-state-140543.html].

<div>
&gt;&gt;&gt;while all three methods involve sending the sessionID in cleartext (unless HTTPS is used),<br />
<br />
<br />
How it is sent in case of HTTPS<br />
<br />
&gt;&gt;&gt;&nbsp;URL rewriting is that often a user might copy/paste a url and send to someone, and therefore the sessionID has been disclosed<br />
<br />
what is the issue if sessionID is disclosed? <br />
<br />
<br />
&gt;&gt;&gt;&nbsp;if the user navigates to a different page, the Referer header might be set to the current page's URL (contained the sessionID) and hence this second web server has now got a hold of the sessionId <br />
<br />
<br />
can you please elaborate on this.<br />
<br />
What is the meaning of referer header.
</div>


>>>while all three methods involve sending the sessionID in cleartext (unless HTTPS is used),


How it is sent in case of HTTPS

>>> URL rewriting is that often a user might copy/paste a url and send to someone, and therefore the sessionID has been disclosed

what is the issue if sessionID is disclosed?


>>> if the user navigates to a different page, the Referer header might be set to the current page's URL (contained the sessionID) and hence this second web server has now got a hold of the sessionId


can you please elaborate on this.

What is the meaning of referer header.

<div>
<div class="content wysiwyg-content">
Hi,<br />
<br />
I was ging through servlet state session tracking topic.<br />
<br />
I would like to know different approaches and advantages and disadvantages of each approach. &nbsp;Why URL rewriting is better thena hidden fields or cookies. I would like to run some practical examples on each of these approaches.Please advise.<br />
<br />
Any links resources ideas highly appreciated. Thanks in advance
</div>
</div>


Hi,

I was ging through servlet state session tracking topic.

I would like to know different approaches and advantages and disadvantages of each approach.  Why URL rewriting is better thena hidden fields or cookies. I would like to run some practical examples on each of these approaches.Please advise.

Any links resources ideas highly appreciated. Thanks in advance

servlet state session

Java is a platform-independent, object-oriented programming language and run-time environment, designed to have as few implementation dependencies as possible such that developers can write one set of code across all platforms using libraries. Most devices will not run Java natively, and require a run-time component to be installed in order to execute a Java program.

Java

JavaServer Pages (JSP) allow the development of dynamically generated web pages. It uses the Java programming language; JSP pages are translated into servlets at runtime, with each servlet being cached and reused until the JSP is modified. JSP allows Java code to be interleaved with static web markup content, so the resulting page can be compiled and executed on the server to deliver the content.

Java Enterprise Edition (Java EE) is a specification defining a collection of Java-based server and client technologies and how they interoperate. Java EE specifies server and client architectures and uses profiles to define technology sets targeted at specific classes of applications. All Java EE profiles share a set of common features, such as naming and resource injection, packaging rules and security requirements.