• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

which session tracking method is good?

 
Ranch Hand
Posts: 146
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Guys,

Which Session tracking is really good to implement? I guess there are three methods.
1. HttpSession
2. Cookie
3. URL Rewriting.

I did not understand the 3. However, It seems that 1 and 2 have sort of same operations. what we do is put some value<->attribute pair in HttpSession object or Cookie object. but Cookie is created in the client's PC whereas HttpSession is not.

Also I am confused on differences between 1 and 2.

can any body help?

thanks,
 
Ranch Hand
Posts: 2874
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by dilip agheda:
Which Session tracking is really good to implement? I guess there are three methods.
1. HttpSession
2. Cookie
3. URL Rewriting.



Servlet/JSP containers provide session management through interface HttpSession. Generally, the containers try to use cookie to save session state on the client. If the client doesn't allow cookies or user has disabled cookies then the containers usually try to do session management using URL rewriting.

[Edited]
URL rewriting works where cookies would not. Those URLs looks long and pretty bad. Its difficult to bookmark those URLs.

Cheers.
[ January 02, 2006: Message edited by: Adeel Ansari ]
 
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The first, HttpSession, is achieved using one of the second two.

Most applications will try to map users to their sessions using session cookies. If that fails, they will often fall back on url-rewriting.
 
Ranch Hand
Posts: 1026
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Spec decitates that session tracking cookie should be JSESSIONID. This cookie is passed back and forth between the client and the container. The session tracking cookie is binded into Session Object which you can get a reference using

HttpSession session = request.getSession();

Container will fall back to URL Rewriting only when the client browser doesn't accept cookies.
 
vipul patel
Ranch Hand
Posts: 146
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Guys,

Thanks for the reply. But still confusion. As all of you are saying that HttpSession (which is first method as i mentioned) is achieved using either Cookie or URL Rewriting. But If I assume that Cookie or URL rewriting are taken care by the container behind the scenes then where in Servlet API, Cookie class exist?

Because If you look at what Cookie class can do is essentially same as HttpSession. Also for URL Rewriting, I have method like encodeURL.

Another Question:
Suppose i have scenario like this: I want to store username in a session so that when i redirect to another servlet/page, it is available in that. For that should i use cookie or HttpSession?
 
Ranch Hand
Posts: 1683
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
We had a discussion on this subject in another forum.
Different ways of implementing shopping cart
 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

But If I assume that Cookie or URL rewriting are taken care by the container


The container can manage the JSESSIONID cookie, but URL rewriting is entirely up to the programmer. The container can recognize that a new request uses a URL that has been rewritten, but thats all.
Bill
 
author
Posts: 4335
39
jQuery Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In general, all the options are good under their own circumstances. Perhaps if you mentioned what in particular you wanted to do with the data we'd be better able to advice which is the best for you in your situation.

For user login, as previously mentioned, its a toss up between cookies or sessions. Most of the time cookies wins out but there are cases (such as when the user's login is tied to specific server processes) that cookies are not the best.
 
Won't you be my neighbor? - Fred Rogers. tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic