0

there are two opinion about this.

  1. if we disable the cookie,server will create session and rewrite the url like this (http://localhost/login.jsp;jsessionid=07D00E8942B11CA1063735D38B4554DF) to track the request session;
  2. if cookie is enable,server will create session and set the response head(Set-Cookie:JSESSIONID=07D00E8942B11CA1063735D38B4554DF).

In opinion 1,when the server receive the request, it resolve the jsessionid,and create an session(I'm not sure that this session is created here)

Now ,I enable the cookie, and delete all explorer's cookie request the url I mentioned .I guess that the session id is passed in the url .but,the server create a new session and the id is different.

so,I'm confuse that when the server will create a new session.Can we control the behavior of session creation?

over is not over
  • 11
  • 4

1 Answers1

0

JSESSIONID cookie is created/sent when session is created. Session is created when your code calls request.getSession() or request.getSession(true) for the first time.

Put a breakpoint where you write session related code for better idea.

I don't know what case do you want to handle!! Generally its not good practice to pass JSESSIONID in url. I have passed one time where I want to share session inbetween mobile app and web app.

bNd
  • 7,512
  • 7
  • 39
  • 72
  • thanks for sharing. I want to share session between my app and webview.if we passed a jsessionid in the url , the server couldn't create a session with the id we passed?@bmt – over is not over Jan 19 '16 at 06:55
  • It should take same session as I did same before. try with `request.getSession(false)`. does it take session? – bNd Jan 19 '16 at 07:00
  • I have some new result.if we pass a jsessionid in the url,when we try request.getSession(),this method will return a session if the sessionid is valid or it will return a new session with a different session id;if we try request.getSession(true),it is same as up;otherwise request.getSession(false) will return the session or null.if we want to pass the jsessionid,we must pass it in every link.I guess that the server would not set-Cookie when we passed jsessionid,because it think that our client is not support cookie.if we don't pass jsessionid,server will set-cookie:jsessionid=sessionid.thanks – over is not over Jan 19 '16 at 08:21