session ID: Cookies vs. URL

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi

I was investigating the session support of jigsaw. What what I've
seen, jigsaw sends the session id as a set-cookie to the browser and
by this can identify any subsequent requests from that client as
being within this session regardless of the connection used.
The function

    public String getRequestedSessionId() {    if (requestedSessionID
== null) {
        requestedSessionID = getRequestedSessionIdFromCookie();
        if (requestedSessionID == null)
        requestedSessionID = getRequestedSessionIdFromURL();    }
    return requestedSessionID;    }

from JigsawHttpServletRequest suggests that the jigsaw retrieves the
session id from the URL if there is no cookie associated to the
request. I assume he decides to encode the session ID in the URL when
the browser chooses to reject the cookie.

How does the Jigsaw detect this? I mean, the browser ignores the
set-cookie by just not storing it?!

So, how is this done?


Ingmar


- --
Ingmar Krusch, Dipl.-Inf. (FH)             Ingmar.Krusch@novedia.de
Novedia GmbH, Hardenbergstraße 19          Tel +49 30 311889-37
10623 Berlin-Charlottenburg                Fax +49 30 311889-19

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>

iQA/AwUBOCmCDrKzgXyc3RmAEQLYBQCcCkz2WZpRa5rkjyPXV02rGWJbFxQAnjOb
MaEcE9moeaopKwoK406oNCZX
=bsjV
-----END PGP SIGNATURE-----

Received on Wednesday, 10 November 1999 10:33:42 UTC