Saturday, April 6, 2013

How does Session handling works in Servlet environment ?

There are multiple ways to handle session by a servlet framework. For example following methods can be used,

  1. Storing Cookies on the client side
  2. URL Rewriting
  3. Hidden form fields

Servlets use cookies as the default mechanism for session tracking, but in case cookies are disabled on the client, Server can use URL re-writing for achieving the same.

When server calls request.getSession(true), then server generates and sends JSESSIONID back to the client for all future session references. JSESSIONID will then be stored by the client and sent back to the server using any of the above mentioned mechanisms.

To ensure that your Servlets support servers that use URL rewriting to track sessions, you must pass all the URL's used in your servlet through the

HttpServletResponse.encodeURL() method like :
out.println("<form actionb ='"+res.encodeURL("/example/htmlpage")+"'>");
This will append the sessionID to the form's action.

No comments:

Post a Comment

Your comment will be published after review from moderator