Get HttpSession by session ID which is submitted as hidden input field
https://stackoverflow.com/questions/8922652
-
17-04-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Is it possible to get a HttpSession object by session ID, which is submitted to servlet as a hidden input field? I cannot go for session management by cookie because the device will not support cookies, or by URL rewriting because the session ID shouldn't be displayed in URL. In short, how can I do session management using hidden input fields?
Solution
If you use a hidden field for your session ID in a GET form, or query parameters in a link, the session ID will be visible in the URL.
To do what you want, you'll have to exclusively use POST forms, or AJAX. What kind of device would no support cookies but support JavaScript?
If you still want to go this way, I'm afraid you'll have to reimplement session handling yourself, or modify the session handling code of your web container.
