1

Below is the two ways I know how tomcat keep session as so far.

  1. In URL add parameter like "JSESSIONID=xxxxxxxxxxxxxxx", every time when a request send to server side, tomcat will query the session-map with "xxxxx"
  2. Add a field in cookie like "JSESSIONID=xxxxxxxxxxxxxxx".

So, in my understanding, if we disable Cookie in browser, and visit our page with a URL without parameter like "JSESSIONID=xxxxxxxxxxxxxxx". The session id will be changed. Write a piece of code in jsp 

<% out.println(request.getSession().getId()); %>

whenever we visit this jsp, session id will change. But the fact is that sessionId is never changed.

I observed the cookies in browser, I have indeed disabled cookie. When the first time I visit the page, the request and resonse like below: 

 Request URL:http://localhost:8080/examples/testt.jsp Request Method:GET Status Code:200 OK ---------- Request Headersview source Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Charset:GBK,utf-8;q=0.7,*;q=0.3 Accept-Encoding:gzip,deflate,sdch Accept-Language:zh-CN,zh;q=0.8 Cache-Control:max-age=0 Connection:keep-alive Host:localhost:8080 User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19 ------- Response Headersview source Content-Length:342 Content-Type:text/html;charset=ISO-8859-1 Date:Sat, 05 May 2012 03:01:32 GMT Server:Apache-Coyote/1.1 Set-Cookie:JSESSIONID=6C71760FD3B85C4696CD8E6204574A06; Path=/examples

When the second time I visit the page, the request and resonse like below: 

Request URL:http://localhost:8080/examples/testt.jsp Request Method:GET Status Code:200 OK -------- Request Headersview source Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Charset:GBK,utf-8;q=0.7,*;q=0.3 Accept-Encoding:gzip,deflate,sdch Accept-Language:zh-CN,zh;q=0.8 Cache-Control:max-age=0 Connection:keep-alive Cookie:JSESSIONID=6C71760FD3B85C4696CD8E6204574A06 Host:localhost:8080 User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19 -------- Response Headersview source Content-Length:342 Content-Type:text/html;charset=ISO-8859-1 Date:Sat, 05 May 2012 03:03:19 GMT Server:Apache-Coyote/1.1

Could someone tell me how tomcat keep a session when cookie is disable and URL doesn't contains "JSESSIONID=xxxxxxxxxxxxxxx".

Thanks very much.

I have made a mistake when I disable cookie in Chrome, I haven't really disable cookie in the above test.

Improve this question

1 Answer 1

Reset to default
1

You haven't disabled cookies. The browser is sending the cookie in the request headers.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Yes, I have made a mistake when I disable cookie in Chrome, I haven't really disable cookie in the above test. Thanks for replay.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.