I understand that the struts framework can automatically handle session
management via URL re-writing if the user's browser does not permit
cookies to be used.
The funny thing is that sometimes, my browser shows a jsessionid value
in the address box and other times it does not. I would expect that I
would ONLY see this value if my browser had cookie support disabled and
that all other times, I would see nothing as cookie support is enabled
and URL re-writing is not required.
What I actually see is that sometimes I do not see the value displayed
and other times I will see it. Even when cookies are enabled, I may
still see this value.
I am puzzled. Any help is appreciated.
The first time that you make a request that is part of a session, the
servlet container has no clue about whether or not the client supports
cookies. Therefore, it sends the session ID *both* ways (as a cookie and
as an encoded URL). Then, when the next request comes in, the container
can look at whether the cookie is present and say either:
- "Aha, this client supports cookies. Therefore I don't need to
- "Aha', this client doesn't support cookies. Therefore, I will continue
to use URL rewriting."
The key issue is that the container has no idea which scenario will occur
until the *second* request. Therefore, the only rational strategy is to
send the session identifier both ways the first time, and see which one