sessionservletshttpsessionsessiontracking

Get HttpSession by session ID which is submitted as hidden input field


Is it possible to get a HttpSession object by session ID, which is submitted to servlet as a hidden input field? I cannot go for session management by cookie because the device will not support cookies, or by URL rewriting because the session ID shouldn't be displayed in URL. In short, how can I do session management using hidden input fields?


Solution

  • If you use a hidden field for your session ID in a GET form, or query parameters in a link, the session ID will be visible in the URL.

    To do what you want, you'll have to exclusively use POST forms, or AJAX. What kind of device would no support cookies but support JavaScript?

    If you still want to go this way, I'm afraid you'll have to reimplement session handling yourself, or modify the session handling code of your web container.