Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I got the answer for If I disabled the cookies then using URL ReDirect I can pass the JSESSIONID but my URL is already very long as I use the GET method it has constraint. Then how
should I use my sessions.I want my application to be very security intensive.
This is one of the question asked to my friend in GOOGLE interview.
Apart from using one-letter parameter names (e.g.
?a=value1&b=value2&c=value3or using RESTFul-like URL’s (i.e. just the pathinfo, no query parameters, e.g./value1/value2/value3, which is accessible byHttpServletRequest#getPathInfo()in the servlet) instead of?name1=value1&name2=value2&name3=value3, you can also consider to Gzip and Base64-encode the query string so that it becomes shorter. Both JavaScript and Java are capable of (de)compressing and (d)e(n)coding it. You can eventually format the query string in JSON before compressing/encoding, it will be shorter in case of arrays/collections/maps.That said, are you sure that the request URL’s are often that unfriendly long (assuming that it’s over 255 characters)? Why would you need to pass that much information in? Are they supposed to maintain the client state? If so, you shouldn’t use the URL for this, but the
HttpSessioninstance in the server side which is already associated with the jsessionid cooke. UseHttpSession#setAttribute()to store some information in session and useHttpSession#getAttribute()to retrieve it.