URL rewriting JSESSIONID

(1)

This is an insurance measure
Because session requires cookie support by default
However, some client browsers disable cookies.
In this case, you need to specify the session ID on the server in the URL, that is, 5f4771183629c9834f8382e23be13c4c.
You can use a method (forget the name of the method) to process the URL string to get this thing.
This method will determine whether your browser has enabled the cookie. If he thinks that the cookie should be added

(2)

Link 1: wapbrowse. jsp? Curalbumid = 9;
Link 2: wapbrowse. jsp; JSESSIONID = 5ac6268dd8d4d5d1fdf5d41e9f2fd960? Curalbumid = 9;
These two links are copied from the source generated during the simulator runtime. Both links are directed to wapbrowse. JSP, link 1 does not contain JSESSIONID, so in wapbrowse. the variable in JSP is null and wapbrowse is opened through link 2. JSP can normally Access session Variables

(3)

The URL rewriting function is set to prevent users from disabling cookies and failing to use sessions. A long string after JSESSIONID is the ID of the session on your server, so that you can use the session without Cookie.

(4)

HTTP itself has no session and cannot track client information. In other words, no matter who connects the HTTP protocol to itself.
To implement the session, you must have browser support. The browser can use cookies to store sessions. This is the most common practice.
However, if I write a browser that fully complies with the HTTP protocol but does not meet the session requirements of the server, the server cannot generate a session.
Fortunately, all browsers now support session requirements. Even if the cookie is disabled, the browser will pass the sessionid to the server. This ID is stored in the browser's memory space and not saved in the hard disk cookie.

(5)

Sessionid is used as a temporary cookie on the browser end.

The session information is stored on the server.

Each request sent by the browser carries a sessionid in the HTTP header to identify itself.

Now that struts is used, use jstl again,

The following is a very useful Tag:

Listing 12. Operation syntax
Var ="Name"Scope ="Scope">

...

URL rewriting is automatically executed by the operation. If the JSP Container detects a cookie that stores the user's current session ID, it does not have to be overwritten. However, if such a cookie does not exist, all generated URLs will be overwritten to encode the session ID. Note: if an appropriate cookie exists in a subsequent request, rewrite the URL to include this identifier.

Refer:Http://www-900.ibm.com/developerWorks/cn/java/j-jstl0318/index.shtml

(6)

Method 1: add the servlet/JSP file name in the URL; JSESSIONID = sessionid, where sessionid is obtained by httpsession. GETID (), as shown inHttp: // localhost: 8080/AAA/BBB. jsp; JSESSIONID = saldjfsdflsaeir234? Para = 1 limit 2 = 2

Method 2: In application (servletcontext), save a session manager hashmap: sessionid --- sessionref, which can be called in all servlets/JSPs, this requires the sessionid to be passed as a parameter in the URL, as shown in figureHttp: // localhost: 8080/AAA/BBB. jsp? Sessionid = saldjfsdflsaeir234? Para = 1 second ¶; 2 = 2, request. getparameter ("Sessionid") Get

(7)

Session is saved on the server. The server searches for the corresponding session based on the session_id in the URL request.

Taking a BBS as an example, the website needs to obtain the user information based on each request URL. If the user information is stored in cookies in cookie mode, this may be insecure; if session is used, user information can be stored on the server. If the server obtains session_id from the HTTP request, it can obtain the user information stored in the session, which is highly secure. The session expression on the server depends on the server. It may be written to a temporary file or directly stored in the memory.

The server obtains session_id from an HTTP request in two ways: Cookie and URL rewriting. If cookie is enabled on the client, session_id can be saved in the cookie. If cookie is disabled, you can use the URL rewriting method to add it to the URL. in the JSESSIONID = XXXXX parameter section, the server will try to get it from the URL. the JSESSIONID parameter is used as session_id.

(8)

Cookie is the text format data stored on the client. session is the unique identifier created by the server for the client when the client logs on to the application, you can save the client data, such as the user account, in the session.
Generally, cookies can be used to save your Logon account and password. After you log on to the Application Service, the cookies are automatically added to the logon interface or directly sent to the server for logon, this is the implementation of the one-year option for saving your login information that you can often see on the forum.

(9)

In the HTTP message format, the cookie and session are in the same packet location.
If IE finds that the package contains Cookie/session information, it determines whether to save the information based on the security level. For example, if the security mechanism allows the use of cookies, ie will save the cookie information to the temporary file. Each time a Server File is requested, the received session information will be added to the request message, this is how session stores information. If the security mechanism does not allow cookie usage, ie will not write the cookie information into the temporary file even though it receives the cookie and session information. When ie requests the Server File again, it will not add the received session information to the request message, and the server will not be able to know the session information.