W3C home > Mailing lists > Public > www-jigsaw@w3.org > November to December 1999

session ID: Cookies vs. URL

From: Ingmar Krusch <nacht@novedia.de>
Date: Wed, 10 Nov 1999 16:32:45 +0100
To: "Jigsaw Mailingliste" <www-jigsaw@w3.org>
Message-ID: <001c01bf2b90$d6288d10$122aa8c0@eagle.novedia.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi

I was investigating the session support of jigsaw. What what I've
seen, jigsaw sends the session id as a set-cookie to the browser and
by this can identify any subsequent requests from that client as
being within this session regardless of the connection used.
The function

    public String getRequestedSessionId() {    if (requestedSessionID
== null) {
        requestedSessionID = getRequestedSessionIdFromCookie();
        if (requestedSessionID == null)
        requestedSessionID = getRequestedSessionIdFromURL();    }
    return requestedSessionID;    }

from JigsawHttpServletRequest suggests that the jigsaw retrieves the
session id from the URL if there is no cookie associated to the
request. I assume he decides to encode the session ID in the URL when
the browser chooses to reject the cookie.

How does the Jigsaw detect this? I mean, the browser ignores the
set-cookie by just not storing it?!

So, how is this done?


Ingmar


- --
Ingmar Krusch, Dipl.-Inf. (FH)             Ingmar.Krusch@novedia.de
Novedia GmbH, Hardenbergstraße 19          Tel +49 30 311889-37
10623 Berlin-Charlottenburg                Fax +49 30 311889-19

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>

iQA/AwUBOCmCDrKzgXyc3RmAEQLYBQCcCkz2WZpRa5rkjyPXV02rGWJbFxQAnjOb
MaEcE9moeaopKwoK406oNCZX
=bsjV
-----END PGP SIGNATURE-----


Received on Wednesday, 10 November 1999 10:33:42 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 9 April 2012 12:13:33 GMT