Re: HttpServletRequest.getSession(...) algorithm?

Wed, 31 Mar 1999 23:44:38 -0500 

Chad,

The mechanics of managing the session (state) in
a non-session oriented protocol (such as http) is
pretty much the same in most products.

I cannot speak to the particulars of the JSP feature
(pretty sure they are compiling to be an extension
to the HTTPServlet base class, which you could look
up the source for and analyze), but I can discuss the
way it is managed in ASP, and in similar efforts.

Typically, the browser needs to accept a cookie, and
a random 'session-id' is generated at the server, which
is the only item stored in the cookie.  Microsoft provided
a technique they called 'cookie-munger' in IIS4 (maybe in
the IIS4 SDK or ResourceKit, not certain now) that would
provide a cookie management like functionality to
clients (and browsers) that would not accept cookies.

Hope this helps in getting you started.

Art

-----Original Message-----
From: A mailing list about Java Server Pages specification
and reference
[mailto:[EMAIL PROTECTED]]On Behalf Of Chad Darby
Sent: Wednesday, March 31, 1999 9:57 PM
To: [EMAIL PROTECTED]
Subject: HttpServletRequest.getSession(...) algorithm?


Hi,

Does any know how the HttpServletRequest.getSession() method
is
implemented?  Basically what is the general algorithm for
assigning
unique session ids for multiple users?

In the past, I've simply accepted the "black magic" that it
works.  Now
I'm curious on "how" it works.

Any info is appreciated.  Thanks!

--
-----------------------------------------------
Chad (shod) Darby    |    J9 Consulting, Inc.
[EMAIL PROTECTED]     |    http://www.j-nine.com
-----------------------------------------------

============================================================
===============
To unsubscribe, send email to [EMAIL PROTECTED] and
include in the body
of the message "signoff JSP-INTEREST".  For general help,
send email to
[EMAIL PROTECTED] and include in the body of the message
"help".

===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff JSP-INTEREST".  For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".

Reply via email to