• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Session vs Cookie objects

 
Ranch Hand
Posts: 88
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I'm currently reading Sessions chapter in HFSJ, and seek clarification
in the differences between Session and Cookie objects. Specifically I'd like
to understand when you would use either. According to the text, a session is
managed by a Cookie; Yet there exists two distinct objects, a Session object and a Cookie object. Why would I want to use a Cookie object when a Session object offers more, i.e. we are constrained to storing String values in a cookie and objects in Sessions? Why not just use session objects to store information.
regards,
Mo
SCJP 1.4, Father of 3 rascals
 
Ranch Hand
Posts: 108
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
Is it not that you can have cookies persist on the client but a session cookie is gone once the session is over if you started a new session it would have a new JSESSIONID. Session cookies are done automatically where custom cookies are set by the developer. You only really want to be using a session when it is needed.
 
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can put more info into a cookie than just the session-id.
For e.g., a website might put a cookie with your name in it.
This cookie is stored in your pc.

When you return to the website, several days after the session
is terminated on the server, the browser sends the cookie info
to the server. So you might see a welcome message saying
"Welcome back Tom Cruise".

In short, cookies live longer than sessions.
 
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Session and cookies are used in different scenarios.
Session is primarly used for keeping the client state across different client requests. Since HTTP is stateless there is no way for a container to know from which client the request comes from. To track this there are two ways,
1. Cookies
2. URL rewriting

When a client first makes a request, a session is created in the server and associated with the client. This is accomplishe by giving the session an id. and passing this is back to the client. This id is passsed as a cookie in the response. When the client again sends a request it sends the session id with the request. Now the server looks for a session object with the same session id. if there exists a session with the same session id. it associates the client with that session. Which means the client can get the attributes from the session which is set as part of the previous request.

Hence cookies are a way to implement session management.

Hope it helps.
[ August 11, 2006: Message edited by: Jiji Cherian ]
 
mo sayed
Ranch Hand
Posts: 88
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Guys,
Thanks for the explanations. Things look a bit clearer now.
TO reiterate, cookie objects are used for storing state information
across a number of sessions, e.g. maintaining user details,
whereas session objects store information for a given session.
I guess the confusion arose, since the text in the book talked about
the JSESSIONID but I could'nt see the connection between session and
cookie objects, Thanks again.
regards,
Mo
SCJP 1.4
 
Jiji Cherian
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

cookie objects are used for storing state information
across a number of sessions



it depends. meaning you should programatically specify how long the cookie should live in the client machine.
For eg: a session cookie's life is same as that of a session. but the cookie information is stored in the client(harddisk) whereas as the session object are stored in server memory.

So i am restating your statement as,
cookie objects can be used for storing state information
across a number of sessions
 
reply
    Bookmark Topic Watch Topic
  • New Topic