This week's book giveaway is in the OO, Patterns, UML and Refactoring forum.
We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line!
See this thread for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes HFSJ Page 231, under 2nd Heading Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "HFSJ Page 231, under 2nd Heading" Watch "HFSJ Page 231, under 2nd Heading" New topic

HFSJ Page 231, under 2nd Heading

Gangadhar Reddy

Joined: Aug 13, 2007
Posts: 25
Under the 2nd heading "Sending a session cookie in the RESPONSE;" we have following code

HttpSession session = request.getSession();

But I think it has to be as follows:

HttpSession session = response.getSession();

If the ABOVE statement is right, then the error has not been mentioned in

Christophe Verre, can you please help me out in this? Thank you in advance
Christophe Verré

Joined: Nov 24, 2005
Posts: 14688

If you look carefully at HttpServletResponse's API, you'll see that there is no getSession method there. You retrieve or make a session via the request. I don't have the book, so I can't clearly explain what they mean by "Sending a session cookie in the RESPONSE".

Christophe Verre, can you please help me out in this?

Anybody is here to help you

[My Blog]
All roads lead to JavaRanch
Gangadhar Reddy

Joined: Aug 13, 2007
Posts: 25
Yes Christophe Verre, you are right. HttpServletResponse does not have getSession() method.
Marc Peabody
pie sneak

Joined: Feb 05, 2003
Posts: 4727

I don't think that the term "session" in "Sending a session cookie in the RESPONSE" is referring to the HttpSession object on the server side.

Your server session doesn't keep track of cookies. That's really the whole point of cookies - that they store information on the client so the server doesn't have to store it. [Note: This concept gets muddied a little because the container can use cookies to track the JSESSIONID, so for this one case the container will keep the JSESSIONID stored both on the server side and on the client side as a cookie. But other than that... ]

I don't have my HFSJ in front of me, but I suspect that "session cookie" means one of two things:
1) A cookie that holds the JSESSIONID, meaning a cookie to identify which session object the client belongs to.
2) If a Cookie does not have an expiration date, it will be deleted when the user closes her browser window. In a sense, these could be called session cookies -even though they could outlive an HttpSession- because they live only for the browsing session.

But with either of my assumptions I wouldn't expect that a coder would need to retrieve the HttpSession for either one. #1 is managed entirely by the container and #2 has nothing to do with HttpSession. So I'm confused. Mind explaining the context of your question a little more?

A good workman is known by his tools.
I agree. Here's the link:
subject: HFSJ Page 231, under 2nd Heading
It's not a secret anymore!