In one programm of my applicationI am saying session = HttpSession.getSession(true);This is first time I am creating a session in my application.I am also giving the commandreq.isRequestedSessionIdFromCokkie(); When this program is first executed , the first time isRequestedSessionFromCookie() returns falsebut once I refresh through the browser isRequestedSessionFromCookie() returns True. Is the problem that since my function isRequestedSessionFromCookie() is called in program where i am also creating for the session Object for the first time.As isRequestedSessionIdFromCookie() determines whether the session is created through cookie or encode URL , I attribute that for the First time my Request Object(req.isRequestedSessionIdFromCookie()) doesnot determine the first time whether the session object is created or no . But once I refresh the second time that function returns true. What I want is I should identify the first time whether cookies are enabled or no?? NimeshPlease help me
You are correct in assuming that isRequestedSessionIdFromCookie()
cannot be used while you are working on the request in which the session
is first created. There are two reasons for this:
* There would normally be no "requested session id" to check for,
since you are just now creating the session
* You cannot reliably tell whether the client browser
allows cookies until you try to send one and see if
it comes back ... which won't be determined until
the *next* request you receive.
When writing your servlets, you should *always* use the encodeUrl() call if you want sessions and there is any chance that the client browser does not support cookies. Once the servlet engine sees a subsequent request that has a session id cookie, it will stop modifying the URLs, and just pass them through unchanged, without having to care.
If you are trying to use isRequestedSessionIdFromCookie() to tell if the client's browser will accept your own application cookies (and not just the one the servlet engine uses for session ids), this is not a reliable test. Consider that the user can set their browser's properties to "warn before accepting a cookie" -- and the user can individually choose to accept one cookie but not the other. The only way to tell is to set a cookie in the current request, and see if it comes back on the following request.
Craig McClanahan
