BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ
News Articles Presentations Podcasts Guides

Topics

Choose your language

InfoQ Dev Summit Boston

Discover transformative insights to level up your software development decisions. Register now with early bird tickets.
InfoQ Dev Summit Munich

Get practical advice from senior developers to navigate your current dev challenges. Register now with early bird tickets.
QCon San Francisco

Level up your software skills by uncovering the emerging trends you should focus on. Register now.
The Software Architects' Newsletter

Your monthly guide to all the topics, technologies and techniques that every professional needs to know about. Subscribe for free.

InfoQ Homepage News The Problem with JSessionId

The Problem with JSessionId

Bookmarks

Nov 06, 2006 less than one minute

InfoQ Article Contest

Share your knowledge Win a ticket to a QCon event
or an InfoQ Dev SummitFind out more
An article on RandomCoder.com looks at the negative aspects of using the jsessionid technique for cookieless sessions in Java web applications. A Google search for "JSessionid" reveals sites such as Sun's Download Center using the technique. The article points a number of issues with doing so:
  • Every link must be generated with HttpServletRequest.encodeURL() or mechanisms such as a JSTL tag
  • Search engines penalize sites which have identical content from multiple unique URLs
  • The session is more easily spoofed by hackers
In response to this the author recommends requiring cookie support to store sessions. The article includes an example servlet filter to prevent the generation of session identifiers on urls.

Rate this Article

Adoption
Style

This content is in the Java topic

Related Topics:
BT