On 1/16/06, Christian Bollmeyer <[EMAIL PROTECTED]> wrote: > > Craig McClanahan schrieb: > > On 1/15/06, Deepa Khetan <[EMAIL PROTECTED]> wrote: > >> Hi! > >> My application requires, "per-session cookie" to be enabled on client > >> browser. How can i determine in my java code if it is enabled or not! > >> Deepa > > > > There is only one test that is useful for this ... set a cookie on one > > response, and see if that cookie comes back in on the subsequent > request. > > There is absolutely no way to know, from a current request, whether or > not > > cookies are enabled for *your* webapp. > > > Craig McClanahan > > Hm. So I understand request.isRequestedSessionIdFromCookie() is > presumed to be useless, then?
Not true ... it tells you about the state of *this* request ... did the client send in a cookie containing the requested session id. Indeed, the container uses this knowledge (on the second and subsequent request of a session, to know that it can skip the URL rewriting part. Why exactly? Consider the very first request that comes in to an application, before there is a session created yet. There will not be a session id cookie even if the client has cookies enabled, because there has never *been* a session yet. On the request that creates the session, then, the container will send the session id both ways (as a cookie and with rewriting), and then sees which way it comes back in. For application cookies, you are in the same position -- there is no way to know ahead of time whether the client has cookies enabled (or if the user has "warn me on cookie setting" turned on, and might choose to not allow *this* particular cookie). The only recourse is to set the cookie on one response and see if it comes back on a later request. -- Chris. Craig
