You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Ben Bookey <be...@gistec-online.de> on 2004/06/25 15:51:17 UTC
Determination if a client has sessions enabled or not.
Dear List,
I would like to check if a client has cookies/sessions enabled in the start
page of my webapp. whats the best way of doing this?
regards
Ben
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Determination if a client has sessions enabled or not.
Posted by Mike Fowler <to...@mlfowler.com>.
I tend to agree and would advocate the use of URL encoding for all
stateful web-apps. However they have the drawback of making your URL
look something like:
http://localhost:8080/manager/html/list;jsessionid=C76172F9BD3E29A9AFDEBDA349F853DF
So you use cookies for "tidy" URLs.
-Mike Fowler
"I could be a genius if I just put my mind to it, and I,
I could do anything, if only I could get 'round to it"
Woodchuck wrote:
> hi,
>
> this begs the question, is it bad practice to require users to enable
> cookies?
>
>
> --- Mike Fowler <to...@mlfowler.com> wrote:
>
>>Ben,
>>
>>I don't know of any way of checking (someone correct me if I'm
>>wrong!).
>>What I have done is to attach an attribute to the session, redirect
>>to a
>>small .jsp page with a <div visibility: hidden;> tag surronding a
>>form
>>that automatically submits back to the servlet. The servlet can then
>>check if the attribute is still there and if not, you know sessions
>>are
>>disabled.
>>
>>-Mike Fowler
>>"I could be a genius if I just put my mind to it, and I,
>>I could do anything, if only I could get 'round to it"
>>
>>
>>Ben Bookey wrote:
>>
>>>Dear List,
>>>
>>>I would like to check if a client has cookies/sessions enabled in
>>
>>the start
>>
>>>page of my webapp. whats the best way of doing this?
>>>
>>>regards
>>>
>>>Ben
>>>
>>>
>>>
>>
>>---------------------------------------------------------------------
>>
>>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail:
>>
>>tomcat-user-help@jakarta.apache.org
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>
>
>
>
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Mail - 50x more storage than other providers!
> http://promotions.yahoo.com/new_mail
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Determination if a client has sessions enabled or not.
Posted by Mike Fowler <to...@mlfowler.com>.
I think it's a good idea to try as much as possible to cater to
cookieless users, differing browsers and so on as this allows you to
create a single web-app that will function and look the same across a
multitude of browsers.
As a Mozilla user I come across site after site that takes advantage of
non-standard IE extensions that make the page virtually unviewable for
me. Of course, trying to develop to cater to all these possibilities
does make life a lot more difficult that it may need to be!
-Mike Fowler
"I could be a genius if I just put my mind to it, and I,
I could do anything, if only I could get 'round to it"
Woodchuck wrote:
> it used to be more common to have warnings on websites that say cookies
> are required. nowadays, these warnings are not there anymore and it's
> assumed cookies will be available. and if cookies are disabled by the
> user, and the website requires it, the user will be promptly halted.
>
> i'm coming from a web developer perspective, so i guess what i'm
> getting at is that it seems to me something is wrong when a website has
> to cater to non-cookie-enabled browsers/users. this argument can also
> be extended to other things like browser make/version, javascript
> (on/off), etc. etc.
>
> is it really harsh to say no cookies = no website nowadays? in my
> humble opinion, this is no.
>
>
[snip]
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: Determination if a client has sessions enabled or not.
Posted by Robert Harper <ro...@iat-cti.com>.
I agree that cookies are a very useful tool. My point is that we have two
conflicting interests, the user's desire to protect themselves from malicious
attacks and loss of privacy and the developer's need to keep information about
the current session. If you want to work in all cases, then some other method
should be used. If it is OK with your business model to loose customers/users
due to loss of some feature, then that is OK. Often the sales people and other
managers are not OK with any loss. Just a thought.
Robert S. Harper
801.265.8800 ex. 255
> -----Original Message-----
> From: Woodchuck [mailto:woodchuck_5@yahoo.com]
> Sent: Friday, June 25, 2004 10:16 AM
> To: Tomcat Users List; robert_harper@iat-cti.com
> Subject: RE: Determination if a client has sessions enabled or not.
>
> it used to be more common to have warnings on websites that say cookies
> are required. nowadays, these warnings are not there anymore and it's
> assumed cookies will be available. and if cookies are disabled by the
[snip]
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: Determination if a client has sessions enabled or not.
Posted by Woodchuck <wo...@yahoo.com>.
it used to be more common to have warnings on websites that say cookies
are required. nowadays, these warnings are not there anymore and it's
assumed cookies will be available. and if cookies are disabled by the
user, and the website requires it, the user will be promptly halted.
i'm coming from a web developer perspective, so i guess what i'm
getting at is that it seems to me something is wrong when a website has
to cater to non-cookie-enabled browsers/users. this argument can also
be extended to other things like browser make/version, javascript
(on/off), etc. etc.
is it really harsh to say no cookies = no website nowadays? in my
humble opinion, this is no.
--- Robert Harper <ro...@iat-cti.com> wrote:
> It may also be asked if it is bad practice to require the user to
> enable
> pop-ups. I would think not as many businesses force internal users to
> disable
> cookies and pop-ups. If your application requires either then it is
> not always
> useable. Food for thought.
>
> Robert S. Harper
> 801.265.8800 ex. 255
>
> > -----Original Message-----
> > From: Woodchuck [mailto:woodchuck_5@yahoo.com]
> > Sent: Friday, June 25, 2004 9:29 AM
> > To: Tomcat Users List
> > Subject: Re: Determination if a client has sessions enabled or not.
> >
> > hi,
> >
> > this begs the question, is it bad practice to require users to
> enable
> > cookies?
> >
> >
> > --- Mike Fowler <to...@mlfowler.com> wrote:
> > > Ben,
> > >
> > > I don't know of any way of checking (someone correct me if I'm
> > > wrong!).
> > > What I have done is to attach an attribute to the session,
> redirect
> > > to a
> [snip]
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: Determination if a client has sessions enabled or not.
Posted by Robert Harper <ro...@iat-cti.com>.
It may also be asked if it is bad practice to require the user to enable
pop-ups. I would think not as many businesses force internal users to disable
cookies and pop-ups. If your application requires either then it is not always
useable. Food for thought.
Robert S. Harper
801.265.8800 ex. 255
> -----Original Message-----
> From: Woodchuck [mailto:woodchuck_5@yahoo.com]
> Sent: Friday, June 25, 2004 9:29 AM
> To: Tomcat Users List
> Subject: Re: Determination if a client has sessions enabled or not.
>
> hi,
>
> this begs the question, is it bad practice to require users to enable
> cookies?
>
>
> --- Mike Fowler <to...@mlfowler.com> wrote:
> > Ben,
> >
> > I don't know of any way of checking (someone correct me if I'm
> > wrong!).
> > What I have done is to attach an attribute to the session, redirect
> > to a
[snip]
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Determination if a client has sessions enabled or not.
Posted by Woodchuck <wo...@yahoo.com>.
hi,
this begs the question, is it bad practice to require users to enable
cookies?
--- Mike Fowler <to...@mlfowler.com> wrote:
> Ben,
>
> I don't know of any way of checking (someone correct me if I'm
> wrong!).
> What I have done is to attach an attribute to the session, redirect
> to a
> small .jsp page with a <div visibility: hidden;> tag surronding a
> form
> that automatically submits back to the servlet. The servlet can then
> check if the attribute is still there and if not, you know sessions
> are
> disabled.
>
> -Mike Fowler
> "I could be a genius if I just put my mind to it, and I,
> I could do anything, if only I could get 'round to it"
>
>
> Ben Bookey wrote:
> > Dear List,
> >
> > I would like to check if a client has cookies/sessions enabled in
> the start
> > page of my webapp. whats the best way of doing this?
> >
> > regards
> >
> > Ben
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> tomcat-user-help@jakarta.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Determination if a client has sessions enabled or not.
Posted by Mike Fowler <to...@mlfowler.com>.
Ben,
I don't know of any way of checking (someone correct me if I'm wrong!).
What I have done is to attach an attribute to the session, redirect to a
small .jsp page with a <div visibility: hidden;> tag surronding a form
that automatically submits back to the servlet. The servlet can then
check if the attribute is still there and if not, you know sessions are
disabled.
-Mike Fowler
"I could be a genius if I just put my mind to it, and I,
I could do anything, if only I could get 'round to it"
Ben Bookey wrote:
> Dear List,
>
> I would like to check if a client has cookies/sessions enabled in the start
> page of my webapp. whats the best way of doing this?
>
> regards
>
> Ben
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org