I have an old web site(servlets, JSP, and Struts). Currently, session management handled by using cookies. I wanted to redesign this site to make browser independent.
I know there is an alternate - URL re-writing, however, this is not feasible for me to re-write(encode) all the URLs in my application.
I am looking for a solution which should not impact my code much. Please suggest me, if anyone is having a feasible solution. It will be a great help to me.
This makes no sense. Just use URL rewriting. Otherwise you basically end up in reinventing the whole HttpSession concept. You'd need to change every line in your code which uses HttpSession. This will require much more time than fixing your webapp to utilize URL rewriting. Bite the bullet and take this as a lesson learnt so that you don't make the same mistake of not doing URL rewriting for the future projects which requires supporting browsers which don't support cookies.
As far as I can imagine there is only one third option other than session token in URL or Cookie that is so dirty and impractical that I would not recommend it ;) But here we go:
Have a hidden form field on every page with the session token and every request to the server must be a form submit including the hidden fields value.
From my point of view cookies are already the best solution when optimizing for browser independence only (excluding implicit sessions via GET).
Rewrite all a.href with javascript to add the session hash as parameter.
This shouldn't be your solution if you go for true browser independence as cookies are more widespread than javascript support. Larger chunks of data can be stored in LocalStorage.
sessionStorage.setItem("key", "value");
and
var key_value = sessionStorage.getItem("key");
Easy to set up and considerably faster for larger client side session data. But you still have to send some data to the server via POST/GET AJAX calls to actually track the session on the server-side.
Cookies should be friends, not foes.
