07 October 2010

0 Url Rewriting using for Session Tracking

Session Tracking by Url Rewriting


The below given is the core idea of Session Tracking using URL Rewriting in JAVA
  • Client appends some extra data on the end of each URL that identifies the session
  • Server associates that identifier with data it has stored about that session
E.g. http://host/filePath/fileName.html;jsessionid=1234

Advantages of Session Tracking by Url Rewriting
  • URL Rewriting can be used when working with the browsers that don’t support cookies.
  • URL Rewriting can be used when the user has disabled the cookies.
  • URL Rewriting also supports anonymous session tracking.

Disadvantages of Session Tracking by Url Rewriting.
  • Url Rewriting has Security risk : Session id appears in the URL , it can be easily seen by other users: Users may copy and paste those link without knowing attached session id which compromises the security.
  • Server log files may record the Referer header which may record the session id in the log.
  • Must encode all URLs that refer to your own site.
  • All pages must be dynamically generated.
  • Fails for bookmarks and links from other sites.


0 comments:

Feeds Comments

Please give your valuable comments.