Hi,
When a session is created, it becomes an object in the JVM. Its actually a
Hashtable or some sort of name/value list object. Not sure if its a
HashTable, or what. I do know the Servlet API defines it.
The session information stays IN the session on the server computer.
However, a special "session id" is sent back with EVERY response to the
client. Its done in three ways. One, if you have a servlet engine that has
auto-cookies (most if not all do), then a cookie is added to the response
on each page going back to the client. The client browser automatically
"stores" this cookie on the client computer as a name/value pair. Each time
the client requests a page from a server, the browser sends back ALL of the
cookies as part of the request object. The servlet engine automatically
finds the cookie it put in there (starting with Servlete 2.2 spec, its
ALWAYS named jsessionid). This is ALL transparent to you, the developer, so
cookies are the BEST way to go for "easy" programming. If EVERY page of
your site has a form on it, you can use FORM session tracking, where you
ALWAYS return a hidden field with the session id in it. That is the LEAST
desireable way to do it, because EVERY page must have a form on it. The
problem with the cookie approach is not all clients support it. That is,
any individual client can deny cookies, and most corporate companies behind
a firewall dont allow cookies to pass through it, thus preventing anybody
with it turned off or not allowed to get them from actually maintaining a
session with your site. Bad news. The BEST way is to do a combo of cookies,
and the 3rd way, URL Rewriting. URL Rewriting is time consuming, but it
guarantees a session is kept. Basically, EVERY link on EVERY page is
"encoded" with the session id as a parameter. Thus, a link like this: <a
href="path/page.html?jsessionid=" + request.getSession().getSessionID(); I
dont recall if this is the right method calls, but this needs to be done on
EVERY single link, button, etc. ANYTHING that can take the user away from
that page must be encoded to include the session id with it. If they go off
your site, their session is lost. There is nothing you can do about
that..unless they use cookies.
Hope that helps.
Kevin Duffey
[EMAIL PROTECTED]
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]
