Application Server Solutions for Microsoft IIS and ASP.NET
       solutions   products   partners   company   support   downloads         store
BlueDragon Self-Help: FAQ
Back to Search >  Back to Search Results

Faq ID 144
Product ServletExec
Category Session Tracking, Web Application
Question How does ServletExec track sessions in a Web Application?
Answer By using either Cookies, or URL Rewriting (if the client does not accept cookies).
This conforms to sections 7.1.1 and 7.1.4 of the Servlet 2.3 Specification.
ServletExec first looks for a cookie named "JSESSIONID" (all upper case) in the request header. The name of that cookie is mandated by the Servlet Specification. If the request has no such cookie, then ServletExec will look at the request URL itself to see if the session id is encoded/embedded there.
Note: If using URL Rewriting, one must be sure to call:

HttpServletResponse.encodeURL()
OR
HttpServletResponse.encodeRedirectURL()

for each link emitted by their code.

For JSPs, one could pass an init parameter named "urlRewriting" with a value of true, to the JSP Engine that's built into ServletExec.

  • For SE 5.x and newer, that JSP Engine is implemented by a servlet named "JspServlet".
  • For SE 4.x and older, that JSP Engine is implemented by a servlet named "JSP10Servlet".

For more details on how to configure that Servlet, please read FAQ #315

Section SRV.7.1.3 of the Servlet 2.3 Specification describes the proper format for this. For example:

http://www.myserver.com/catalog/index.html;jsessionid=1234?param=value

NOTE: If the client accepts cookies then the above-mentioned encode methods of the Response Object will not actually encode the URL (see JavaDocs for more information about this).
Also note that the name "jsessionid" is all lower case when it appears in the url itself. This is mandated by the Servlet Specification.



   
company media information terms of use privacy policy contact us