Hi, I'm currently reading Sessions chapter in HFSJ, and seek clarification in the differences between Session and Cookie objects. Specifically I'd like to understand when you would use either. According to the text, a session is managed by a Cookie; Yet there exists two distinct objects, a Session object and a Cookie object. Why would I want to use a Cookie object when a Session object offers more, i.e. we are constrained to storing String values in a cookie and objects in Sessions? Why not just use session objects to store information. regards, Mo SCJP 1.4, Father of 3 rascals
Hi, Is it not that you can have cookies persist on the client but a session cookie is gone once the session is over if you started a new session it would have a new JSESSIONID. Session cookies are done automatically where custom cookies are set by the developer. You only really want to be using a session when it is needed.
You can put more info into a cookie than just the session-id. For e.g., a website might put a cookie with your name in it. This cookie is stored in your pc.
When you return to the website, several days after the session is terminated on the server, the browser sends the cookie info to the server. So you might see a welcome message saying "Welcome back Tom Cruise".
Session and cookies are used in different scenarios. Session is primarly used for keeping the client state across different client requests. Since HTTP is stateless there is no way for a container to know from which client the request comes from. To track this there are two ways, 1. Cookies 2. URL rewriting
When a client first makes a request, a session is created in the server and associated with the client. This is accomplishe by giving the session an id. and passing this is back to the client. This id is passsed as a cookie in the response. When the client again sends a request it sends the session id with the request. Now the server looks for a session object with the same session id. if there exists a session with the same session id. it associates the client with that session. Which means the client can get the attributes from the session which is set as part of the previous request.
Hence cookies are a way to implement session management.
Hope it helps. [ August 11, 2006: Message edited by: Jiji Cherian ]
Joined: Jan 25, 2006
Guys, Thanks for the explanations. Things look a bit clearer now. TO reiterate, cookie objects are used for storing state information across a number of sessions, e.g. maintaining user details, whereas session objects store information for a given session. I guess the confusion arose, since the text in the book talked about the JSESSIONID but I could'nt see the connection between session and cookie objects, Thanks again. regards, Mo SCJP 1.4
Joined: Aug 10, 2006
cookie objects are used for storing state information across a number of sessions
it depends. meaning you should programatically specify how long the cookie should live in the client machine. For eg: a session cookie's life is same as that of a session. but the cookie information is stored in the client(harddisk) whereas as the session object are stored in server memory.
So i am restating your statement as, cookie objects can be used for storing state information across a number of sessions