Just because it's fun to have that one last kick at the dead horse... You really can't rely on any cookie being set, can you? I mean most users are simply not this savvy (or stupid, depending on how you feel about it), but I can set my browser to prompt for every cookie, and I as the (idiot?) user can reject the session cookie, and then accept every other cookie. Or, I can accept the session cookie (because it's a *session* cookie, the kind that disappear), and reject all others. In fact, doesn't one of them there browsers have a setting like that, to automatically accept session cookies, but prompt for the other ones? So no, I don't think you can reliably use isRequestedSessionIdFromCookie to tell whether or not a client "accepts cookies". Not all cookies are alike.
> -----Original Message----- > From: Pid [mailto:[EMAIL PROTECTED] > Sent: Thursday, June 22, 2006 12:50 PM > To: Tomcat Users List > Subject: Re: How does Tomcat detect whether a browser accepts cookies > > > You could use the session id location as an indicator, > assuming there's a session already. > > if (hreq.isRequestedSessionIdFromCookie()) { > // we're good, do whatever > } > else { > // no cookies, begone! > } > > if your initial point of contact does a single instant > redirect to the detector, then Tomcat should sort out the > session location by the time you need to detect it. > > servlet1(redirect) > servet2(detect) > > this is the same as was suggested before, but at least you > don't have to write your own cookie addition/detection routine. > > > > Garey Mills wrote: > > David - > > > > Thanks for the clear, concise answer. > > > > Garey Mills > > Library Systems Office > > UC Berkeley > > > > The brain is not where you think > > > > On Wed, 21 Jun 2006, David Smith wrote: > > > >> On first response, Tomcat both set's a cookie JSESSIONID > and appends > >> the > >> same to the page links (when properly coded). If the > cookie comes back > >> on the next request, url rewriting is dropped in favor of > the cookie. No > >> magic, tomcat just covers all it's bases up front. > >> > >> See HttpServletResponse.encodeURL(String) in the servlet spec for > >> more info. > >> > >> -- David > >> > >> Garey Mills wrote: > >>> David - > >>> > >>> Tomcat uses cookies to establish a session with the > browser. If it > >>> can't use cookies, it uses URL rewriting. So whenever > someone uses > >>> my app, Tomcat tries to set a cookie. > >>> > >>> If it was the case that Tomcat didn't know whether the browser > >>> accepted cookies until after it tried to set one at the first > >>> access, users of browsers that did not accept cookies > would not have > >>> a session that recorded their first access. I don't think > that would > >>> be considered acceptable, so I assume that Tomcat knows, > before my > >>> app is reached, whether the browser accepts cookies. But is my > >>> assumption correct, I don't know. That is what I am asking. > >>> > >>> > >>> > >>> > >>> Garey Mills > >>> Library Systems Office > >>> UC Berkeley > >>> > >>> The brain is not where you think > >>> > >>> On Wed, 21 Jun 2006, David Kerber wrote: > >>> > >>> > >>>> Why would it try until your app tells it to? AFAIK (admittedly, > >>>> not > >>>> very far; I don't use cookies) think it needs to be > handled by your app. > >>>> > >>>> > >>>> Garey Mills wrote: > >>>> > >>>> > >>>>> David - > >>>>> > >>>>> Well, okay then, but how can my app find out > what Tomcat knows > >>>>> about whether the browser accepts cookies or not? And when does > >>>>> Tomcat try? Before control is passed to my app? > >>>>> > >>>>> Garey Mills > >>>>> Library Systems Office > >>>>> UC Berkeley > >>>>> > >>>>> The brain is not where you think > >>>>> > >>>>> On Wed, 21 Jun 2006, David Kerber wrote: > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>> I think what he's getting at is that Tomcat (or any other web > >>>>>> server) > >>>>>> cannot tell how a browser is set wrt cookies without > trying to set one > >>>>>> and then seeing if it's there. > >>>>>> > >>>>>> Garey Mills wrote: > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>>> Martin - > >>>>>>> > >>>>>>> I guess I'm being obtuse, but WHAT won't work? > What I want to > >>>>>>> know is how Tomcat detects whether the browser > accepts cookies, > >>>>>>> that is, whether it is set to accept cookies or not? > >>>>>>> > >>>>>>> Garey Mills > >>>>>>> Library Systems Office > >>>>>>> UC Berkeley > >>>>>>> > >>>>>>> The brain is not where you think > >>>>>>> > >>>>>>> On Wed, 21 Jun 2006, Martin Gainty wrote: > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>>> Garey- > >>>>>>>> > >>>>>>>> Unfortunately that wont work if your Browser > disallows cookies > >>>>>>>> If its IE Check out the IE options- > >>>>>>>> > >>>>>>>> Tools > >>>>>>>> Internet Options > >>>>>>>> Privacy > >>>>>>>> Advanced > >>>>>>>> look at "switched on Always allow Session Cookies" > >>>>>>>> > >>>>>>>> HTH, > >>>>>>>> > >>>>>>>> Martin -- > >>>>>>>> > *************************************************************** > >>>>>>>> ****** > >>>>>>>> This email message and any files transmitted with it > contain confidential > >>>>>>>> information intended only for the person(s) to whom > this email message is > >>>>>>>> addressed. If you have received this email message > in error, please notify > >>>>>>>> the sender immediately by telephone or email and > destroy the original > >>>>>>>> message without making a copy. Thank you. > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> ----- Original Message ----- > >>>>>>>> From: "Garey Mills" <[EMAIL PROTECTED]> > >>>>>>>> To: "Tomcat Users List" <users@tomcat.apache.org> > >>>>>>>> Sent: Wednesday, June 21, 2006 12:50 PM > >>>>>>>> Subject: Re: How does Tomcat detect whether a > browser accepts cookies > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>> Leon - > >>>>>>>>> > >>>>>>>>> Thank you for your response, but I don't understand > it. I have > >>>>>>>>> a key question: > >>>>>>>>> > >>>>>>>>> how does Tomcat detect that a browser does not > accept cookies? > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> There are a number of different ways to detect it inside my > >>>>>>>>> application, but all of them seem to need a > roundtrip to the > >>>>>>>>> browser. If, as I suspect, Tomcat can tell without the > >>>>>>>>> redirect, I would like to use Tomcat's knowledge. If Tomcat > >>>>>>>>> uses a roundtrip, I would still like to use Tomcat's > >>>>>>>>> knowledge, so that I don't have to duplicate the > work inside > >>>>>>>>> my app. > >>>>>>>>> > >>>>>>>>> Garey Mills > >>>>>>>>> Library Systems Office > >>>>>>>>> UC Berkeley > >>>>>>>>> > >>>>>>>>> The brain is not where you think > >>>>>>>>> > >>>>>>>>> On Wed, 21 Jun 2006, Leon Rosenberg wrote: > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>>> You could check for your cookie in first request > and if not > >>>>>>>>>> present just set the cookie in the request and > redirect to > >>>>>>>>>> another page which reads the cookie (btw, it can also be > >>>>>>>>>> done with javascript without user-visible-reload). The > >>>>>>>>>> difference to your approach that each user will be > redirected > >>>>>>>>>> exactly once, since you are checking for your > cookie in first > >>>>>>>>>> request and it should remain persistent for next visits. > >>>>>>>>>> > >>>>>>>>>> regards > >>>>>>>>>> Leon > >>>>>>>>>> > >>>>>>>>>> On 6/21/06, Garey Mills > <[EMAIL PROTECTED]> wrote: > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>>> Hi - > >>>>>>>>>>> > >>>>>>>>>>> I have an application that does not work correctly > >>>>>>>>>>> when the browser does not accept cookies. I added > some code > >>>>>>>>>>> that rewrites the query string the first time the app is > >>>>>>>>>>> entered to include a new parameter and then > redirects to the > >>>>>>>>>>> app. I watch for that parameter and if I find it I check > >>>>>>>>>>> whether the session id is from a cookie. If it > isn't I put > >>>>>>>>>>> up a "Sorry, you need cookies message" and exit. > >>>>>>>>>>> > >>>>>>>>>>> This solution is not optimal, since I am seeing a > >>>>>>>>>>> blank page the first time I try to get into the > application. > >>>>>>>>>>> > >>>>>>>>>>> So my question is: Tomcat must ascertain > whether the > >>>>>>>>>>> browser accepts cookies in order to decide whether to use > >>>>>>>>>>> cookies or URL rewriting. How does it do it? and > can I check > >>>>>>>>>>> Tomcat to find out, too? > >>>>>>>>>>> > >>>>>>>>>>> Garey Mills > >>>>>>>>>>> Library Systems Office > >>>>>>>>>>> UC Berkeley > >>>>>>>>>>> > >>>>>>>>>>> The brain is not where you think > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>> > ------------------------------------------------------------------- > >>>> -- > >>>> To start a new topic, e-mail: users@tomcat.apache.org > >>>> To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>> For additional commands, e-mail: [EMAIL PROTECTED] > >>>> > >>>> > >>>> > >>> > >>> > -------------------------------------------------------------------- > >>> - > >>> To start a new topic, e-mail: users@tomcat.apache.org > >>> To unsubscribe, e-mail: [EMAIL PROTECTED] > >>> For additional commands, e-mail: [EMAIL PROTECTED] > >>> > >>> > >> > >> > --------------------------------------------------------------------- > >> To start a new topic, e-mail: users@tomcat.apache.org > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > >> For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > > > > > > > --------------------------------------------------------------------- > > To start a new topic, e-mail: users@tomcat.apache.org > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
