stackoom
  简体   繁体   中英

Session Handling without Cookies and URL rewriting

 原文  2011-09-26 21:14:56       java/ jsp/ url-rewriting/ session-cookies/ session-management

Question

I have an old web site(servlets, JSP, and Struts). Currently, session management handled by using cookies. I wanted to redesign this site to make browser independent.

I know there is an alternate - URL re-writing, however, this is not feasible for me to re-write(encode) all the URLs in my application.

I am looking for a solution which should not impact my code much. Please suggest me, if anyone is having a feasible solution. It will be a great help to me.

3 answers

solution1
 1  2011-09-26 21:28:51

This makes no sense. Just use URL rewriting. Otherwise you basically end up in reinventing the whole HttpSession concept. You'd need to change every line in your code which uses HttpSession . This will require much more time than fixing your webapp to utilize URL rewriting. Bite the bullet and take this as a lesson learnt so that you don't make the same mistake of not doing URL rewriting for the future projects which requires supporting browsers which don't support cookies.

solution2
 0  2011-09-26 21:21:02

As far as I can imagine there is only one third option other than session token in URL or Cookie that is so dirty and impractical that I would not recommend it ;) But here we go:

Have a hidden form field on every page with the session token and every request to the server must be a form submit including the hidden fields value.

solution3
 0  2011-09-26 21:37:23

From my point of view cookies are already the best solution when optimizing for browser independence only (excluding implicit sessions via GET).

Rewrite all a.href with javascript to add the session hash as parameter.

This shouldn't be your solution if you go for true browser independence as cookies are more widespread than javascript support. Larger chunks of data can be stored in LocalStorage.

sessionStorage.setItem("key", "value");

and

var key_value = sessionStorage.getItem("key");

Easy to set up and considerably faster for larger client side session data. But you still have to send some data to the server via POST/GET AJAX calls to actually track the session on the server-side.

Cookies should be friends, not foes.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question OpenCMS session without cookies? session management without cookies Servlet Session - switch from URL Rewriting to Cookie Android to PHP session without cookies How to identify website visitor when cookies disabled and URL rewriting is not allowed? Send values from Servlet to JSP without cookies andr session not being shown on URL Handling Cookies while working with URL class in java Apache URL rewriting without mod_rewrite access URL parameters without cookies Android Session cookies without using CookieManager
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM