Sessions in a web application track user activity after each login. Cookies are one effective way to maintain session information. Cookies mainly consist of key-value pairs that belong to each session. If we are not using cookies, we must use another way to maintain session information.
Supporting sessions without cookies in a Tomcat server is important because not all users allow cookies due to privacy settings or security concerns. Relying solely on cookies could disrupt the user experience for those with cookies disabled, leading to issues like repeated logouts or lost session states.
URL encoding is a technique through which URLs are made readable, accessible, and user-friendly. In a Tomcat server, we can use URL encoding (often called URL rewriting, where the session ID is appended to the URL) to maintain sessions without relying on cookies. Here are two possible ways to achieve this:
We can use the Servlet API of Java, which provides utility functions for maintaining sessions, like `getSession()`, which gives us a session object. It manages the session using the `JSESSIONID` cookie. If the user has disabled cookies, then the API uses the URL encoding method to maintain the session and set the `JSESSIONID` value, which is encoded and then appended to the URL. It is maintained by the API throughout the session to keep track of the session.
Let’s look at an example of URL encoding using the Servlet API.
```java
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import java.io.IOException; // thrown by sendRedirect
@WebServlet("/Login")
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;
    private final String userId = "Educative";
    private final String password = "123";

    protected void doPost(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {

        // Get request parameters for userID and password
        String user = request.getParameter("userId");
        String pwd = request.getParameter("password"); // distinct name so the password field is not shadowed

        if (userId.equals(user) && password.equals(pwd)) {
            HttpSession session = request.getSession();
            session.setAttribute("user", "Educative");
            Cookie userName = new Cookie("user", user);
            response.addCookie(userName);
            // Get the encoded URL string
            String encodedURL = response.encodeRedirectURL("Success.jsp");
            response.sendRedirect(encodedURL);
        }
    }
}
```
Lines 1–7: We import various classes from the Java Servlet API.
Lines 9–13: We define a servlet, specifying that this servlet will be mapped to the URL pattern `/Login`. We also define hardcoded credentials for login validation.
Lines 15–16: We define a method that handles `POST` requests to the servlet.
Line 22: We check if the provided credentials match the hardcoded credentials.
Lines 23–24: If a current session exists, we retrieve it. Otherwise, we create a new session.
Lines 25–26: We create a new cookie named “user” with the value of the user ID and add the cookie to the response.
Line 28: We encode the URL for the redirection. The `response.encodeRedirectURL` method encodes the specified URL by including the session ID (`JSESSIONID`) in the URL.
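Because `request.getSession()` reuses any session the request already carries, an ID that was visible in a URL before login would stay valid after login. The following added example (not part of the original article) issues a fresh session on successful authentication; the `/SecureLogin` mapping, the 15-minute timeout, and the `checkCredentials` helper are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: login flow that never promotes a pre-login session ID.
// The URL mapping and checkCredentials() are hypothetical.
@WebServlet("/SecureLogin")
public class SecureLoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String user = request.getParameter("userId");
        String pwd = request.getParameter("password");

        if (!checkCredentials(user, pwd)) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Discard the session that existed before login, together with any
        // attributes it held, so the authenticated session gets a new ID.
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        HttpSession session = request.getSession(true);
        session.setAttribute("user", user);
        session.setMaxInactiveInterval(15 * 60); // seconds; limits how long a leaked URL stays usable

        // encodeRedirectURL appends the new JSESSIONID only when no session cookie was sent.
        response.sendRedirect(response.encodeRedirectURL("Success.jsp"));
    }

    // Hypothetical placeholder using the article's demo credentials;
    // a real application would verify against stored password hashes.
    private boolean checkCredentials(String user, String pwd) {
        return "Educative".equals(user) && "123".equals(pwd);
    }
}
```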
A JSTL tag can also be used for URL encoding. If we use `c:url`, it encodes the URL automatically and appends a `JSESSIONID` to it. We can use it like this:
```jsp
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<a href="<c:url value='Success.html'/>">link</a>
```
Using the approaches described above can help maintain the session even if the cookies are disabled by the client. Maintaining session information without cookies is crucial for ensuring seamless user experiences in web applications, especially when cookies are disabled. Using URL encoding through the Servlet API or JSTL tags, developers can effectively manage session data by appending the `JSESSIONID` to URLs.