This question already has an answer here:
In a web app, when user logs in, a HttpSession
is created using HttpSession s = request.getSession(true);
This creates a cookie with jsessionid
on the browser.
But if cookies are disabled on browser, How can i proceed with login?
The main purpose of logging in is to identify the user. The basic information of the user is stored in the cookie which is basically a text file containing jsessionid. It is the jsessionid we want and not the cookie itself. So, we can get hold of jsessionid and concat it with the url, we will still be able to access contents in the HttpSession object.
If Cookies are disabled. You should be using URL Rewriting mechanism for Session tracking.
Code Example:
http://www.javadocexamples.com/javax/servlet/http/HttpServletResponse/encodeURL%28String%20url%29.html