JBridge: Certification Question Of The Day

JBridge Home >> Certification Questions >> Question for Monday 12th May 2003

Monday 12th May 2003

Which of the following are true statements about web applications, sessions and cookies? (2 correct answers)

A A developer can send cookies to a browser using methods available in the HttpServletResponse interface.
B There is a special cookie called JSESSIONID which contributes to session management between client and browser.
C Cookies are the only mechanism available for supporting session management between a browser and web application.
D Given that there is a valid session, the two HttpServletRequest methods isRequestedSessionIdFromCookie() and isRequestedSessionIdFromURL() cannot both return false.
E Most browsers, on closing, trigger an event that web applications can use to invalidate a session.
F Given that there is no session already, HttpServletRequest.getSession(false) will trigger a NonExistentSessionException.
Page down for the answer...

The Answer

A and B are true; the rest are false.
As for answer C, cookies are the best available method for supporting session management between a client and browser, but are not the only one. URL rewriting is another.
isRequestedSessionIdFromCookie() and isRequestedSessionIdFromURL() could both return false, even in the presence of a valid session. This is because sessions can be implemented in other ways – through SSL for example. So answer D is wrong.
Regrettably, I know of no browser that gives rise to an event on closing detectable by a web application. So answer E falls by the wayside.
Finally, answer F is a fib. Under the circumstances, the getSession(false) method will simply return null.

EMail: dbridgewater@jbridge.co.uk
Phone: +44 (0)1943 877414
Fax: +44 (0)1943 877414
Mail: David Bridgewater, Willow Dene, Bradford Road, Menston, Ilkley, West Yorkshire, LS29 6ED, UK
Copyright © 2003 David Bridgewater. All rights reserved.