I would like to know: if someone disables cookies in my browser, then cookies don't work for my browser, so how can I do sessions in Java? I am writing servlets for the server side.
As others have mentioned, your servlet container, e.g. Tomcat, automatically resorts to putting the JSESSIONID in the URL if the browser doesn't allow cookies. It is configurable in Tomcat, as you can see in this answer.
My advice is that you simply try it. Take your web application as it is right now, without changes, and run it in your browser with cookies disabled, and see what happens.
If cookies are disabled, you can still maintain sessions by sending the value of JSESSIONID as a query parameter, like:
http://www.mywebsite.com/somePage?JSESSIONID=389729387392
Keep in mind that if security is a primary concern then you may not want to use this approach, as it puts the session id right into the URL.
For reference, it's good to know that HTML5 introduces sessionStorage as part of Web Storage. There is a good article on 24ways.org introducing it: Breaking Out The Edges of The Browser.
Look at the standard taglibs for JSP pages, notably the <c:url> tag.
http://onjava.com/pub/a/pub/a/onjava/2002/05/08/jstl.html?page=2
I believe that it also handles the jsession-id attribute if cookies are not available.
If cookies are disabled, most session providers append a URL parameter called JSESSIONID to maintain session state.
The other answers are great; I don't need to repeat that. But I do have some additional comments.
Please don't put session data (the entire session) in a cookie, but only a session id, possibly hashed. It's way too easy for people to edit the contents of a cookie. Leave the session data on the server; possibly in a database if you have lots of concurrent users or sessions live very long.
If even the session id itself is very precious you could even put it in a POST parameter, thereby preventing it from occurring in the URL itself.
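Added example, not part of the original answers: a servlet that relies on the container's URL-rewriting fallback through `response.encodeURL`, together with a listener that switches that fallback off for applications where a session id in the URL is not acceptable. The class names, the `/cart` path and the `visits` attribute are assumptions; the code uses the `javax.servlet` API (Servlet 3.1 or later).

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.EnumSet;
import javax.servlet.*;
import javax.servlet.annotation.*;
import javax.servlet.http.*;

// Hypothetical servlet: keeps a per-session counter whether or not cookies work.
@WebServlet("/cart")
public class CartServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession session = req.getSession();           // created on the first visit
        Integer visits = (Integer) session.getAttribute("visits");
        visits = (visits == null) ? 1 : visits + 1;
        session.setAttribute("visits", visits);           // session data stays on the server

        // encodeURL adds the session id to the link only when URL tracking is enabled
        // and the container cannot confirm the client accepts cookies; otherwise it is a no-op.
        String next = resp.encodeURL(req.getContextPath() + "/cart");

        resp.setContentType("text/html;charset=UTF-8");
        PrintWriter out = resp.getWriter();
        out.println("<p>Visits in this session: " + visits + "</p>");
        out.println("<p>Session id arrived in URL: " + req.isRequestedSessionIdFromURL() + "</p>");
        out.println("<a href=\"" + next + "\">again</a>");
    }

    // Hypothetical listener for security-sensitive applications: cookie-only tracking, so the
    // id never reaches URLs, access logs or Referer headers. Nested only to keep one file.
    @WebListener
    public static class CookieOnlySessions implements ServletContextListener {
        @Override
        public void contextInitialized(ServletContextEvent sce) {
            ServletContext ctx = sce.getServletContext();
            ctx.setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE));
            ctx.getSessionCookieConfig().setHttpOnly(true);  // not readable from page scripts
            ctx.getSessionCookieConfig().setSecure(true);    // sent over HTTPS only
        }
        @Override
        public void contextDestroyed(ServletContextEvent sce) { }
    }
}
```

With the listener deployed, `encodeURL` returns links unchanged and a browser that refuses cookies gets a fresh session on every request; leave the listener out to see the URL fallback in action.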