Hi LightBulb,
I think you missing a concept somewhere...
A typically setup for a servlet that wants to use a cookie is like this
HttpSession session = request.getSession(true); //Make a
session if one does not exist
String SomeAttributeISet =
session.getAttribute("SomeAttributeISet "); //Read back your cookie stuff,
normally your Session bean
if (SomeAttributeISet == null) { //Attribute is not set, so no
cookie
//Normally you would make a new Session Bean here
} else {// got session info, so picking up the cookie
}
I never use isNew because typically the above structure tells you if the
cookie has come back or not, indirectly because your session bean or
attributes are null if no cookie.
The first time the request comes in from the browser.... there will NEVER be
a cookie session, because the browser needs a response from the servlet, to
get the cookie in the first place.
So if you setting up a form.... you must remember to set the cookie up when
you give them the page, so that when they submit it, the session is already
in place, otherwise it will only get set "after" the first response. Its not
instantaneous.... it needs one cycle.
isNew() may come in handy but you have to understand, that if you have any
security in your apps, the session will already be old.... because Tomcat
will already have made that session... so it doesnt mean much, rather just
keep an eye on the beans you set in the session.
If you look in the browser you will not see your attribute.... you will see
something like JSessionID = "GA6238468HFABB6868768687"
That is the session.... and Tomcat stores all your attributes against
that.... its just a glorified hash table, that keeps (JSessionID,
YourAttribute, Value)
To answer your question.... if you turn off cookies in your browser and you
not using urlRewriting, ie you using the above, you should see isNew all the
time.
If cookies are on in the browser, isNew will happen the first time, but not
the second time.
If security is used, isNew will always be false to you.
So.... you make a form and .. do the above... ie make your session bean, the
user fills it in and submits.
When you read it.... if your bean is then null.... you send them a message
that tells them to turn cookies on.
Its normally just about impossible to use the web today without cookies
running, so it normally enough to just tell the user to turn them on.
In the old days when some browsers couldnt do cookies.... you had to do it.
urlRewriting is very tricky and you actually need to write all the URL's in
your page with the sessionID as well, else things like menu items break, it
gets extremely messy. In general I dont use it.... just tell the user to
turn it on.
Where I do use it, and its not really just for sessions, is when I want the
user to get back to the same state, by just keeping the url, and I find url
Session reWriting is not enuf then anyway. A good example of a scheme like
that is Google.... just look at how its storing state in the url, but its
doing more than just session management.
Hope that helps....
----- Original Message -----
From: "lightbulb432" <[EMAIL PROTECTED]>
To: <users@tomcat.apache.org>
Sent: Tuesday, June 26, 2007 9:12 PM
Subject: RE: Where to find session cookies
How can I configure Tomcat to use permanent cookies as opposed to session
cookies? One of the reasons I'd like to know is to see the behavior of
method isNew() of HttpSession, which I can do if I'm able to disable
cookies. As the Javadoc for HttpSession says:
"A servlet should be able to handle cases in which the client does not
choose to join a session, such as when cookies are intentionally turned
off."
Fargusson.Alan wrote:
Session cookies are not stored on disk. This is why they are more secure
then cookies (non-session). Since they only exist in RAM (ok, maybe in
swap files) nobody else using that machine can find them, and they go
away
when the browser ends.
-----Original Message-----
From: lightbulb432 [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 29, 2007 12:15 PM
To: users@tomcat.apache.org
Subject: Where to find session cookies
When testing my application that uses sessions, I don't seem to see a
cookie
with domain localhost in my browser's cookies folder. Does Tomcat use
some
internal folder to put its cookies, or am I just doing something else
wrong?
I do have cookies enabled, so it's not writing the session id to the URL,
either.
Thanks.
--
View this message in context:
http://www.nabble.com/Where-to-find-session-cookies-tf3835973.html#a10860700
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
View this message in context:
http://www.nabble.com/Where-to-find-session-cookies-tf3835973.html#a11311838
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
