What is a Session's scope?

Hi,

I had thought that a "session" was associated with the the browser window. When an new browser window is opened a new session is created and associated the new browser window.

However the code below displays the same Session ID for two browser windows, leading me to believe that I am not correct.

HttpSession session = req.getSession(true); out.println("Session ID is: " + session.getId() + "<br>")

Can someone help me with the following questions?
1) What is the scope of a session?
2) What is the scope of an application.
3) How are user's information kept seperated from one another. For example, two users select items for purchase at Amazon.com. How might theiir purchases be seperated?

Thanks!

Session is associated with user (to be specific - user visit to web application). When user open web application on browser, a session is created by web container. If required in logic manipulation in java code, we can use this session object using HTTPSession methods. Once user browser is closed then session is terminated.

Application scope is associated with web application. As long as web application is deployed on web container, application scope is maintained. there is one application object which is accessible/shared to all users (whole application). If any variable is set in application, it will be accessible to all users (all servlet code etc).

A session object is created per user visit (visit can contain multiple page requests). If there are 5 users accessing web application, then there will be 5 sessions. And this how we separate one user request from another user request (Amazon purchases in your example).

~ abhay

Hi Abhay,

Thank you for your reply!

Your answer then takes me back to my observation that the following code displays the same session id in two different browser windows.

HttpSession session = req.getSession(true); out.println("Session ID is: " + session.getId() + "<br>")

I'm using IE 8 and Tomcat 7.0.5.
The browsers and server on the same machine, and I'm using http://localhost:8080 to connect to Tomcat. Note that they are simple servlets, no logon or user id. Just open the browser and address to the servlet to execute the code above.

My questions now are
1) Why would the session ids be identical on two different browser windows open a the same time? Is it because both requests originate on the same client machine?

2) How is data in the application scope accessed?

Thank You!

Lou

The session has nothing to do with a window or with a user. The session is all about cookies. If two browser windows share cookies, they will share the session. Period.

Application scope is accessed through the ServletContext.

That clears it up for me Bear!

That also explains why I can log on to javaranch.com, open another browser window, navigate to javaranch.com, and be logged in on the second browser window. And since the cookies expire when I close all browsers, I'm logged off.

Thank you Bear, you rock!

The way httpsession getting like:

HttpSession session = req.getSession(true);
out.println("Session ID is: " + session.getId() + "<br>")
The above code is created new session.if session is not avilable

HttpSession session = req.getSession();
out.println("Session ID is: " + session.getId() + "<br>")
The above code is created new session.if session is not avilable arenot

HttpSession session = req.getSession(false);
out.println("Session ID is: " + session.getId() + "<br>")
The above code is created wont created new session.
Most of the web server maintain deafult time out 30 min

we can maintain the session time out in web.xml
<Session-config>
<Session-timeOut>10
</Sessiom-timeout>
</sesion-config>
there is multipule way is

session time out we can maintain class level also