Handling Sessions Without Cookies

Normally, JSP and servlet sessions rely on the HTTP cookie mechanism to preserve the session identifier between requests. Cookies are really nice for doing things like sessions, and even for online ordering. Unfortunately, cookies have also been abused. Many Web sites store personal information in cookies, and many Web users don't like their personal information being sent to another Web server without their knowledge. To put it simply, cookie abuse has given cookies a bad name.

Many users now disable cookies within their browser. You might think that with cookies disabled, there is no way to keep track of session information.

Fortunately, there is another solution.

If you knew the session ID, you could pass ...

Get Special Edition Using Java™ 2 Enterprise Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.