File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JSP and the fly likes Help Regarding Cookies and session Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "Help Regarding Cookies and session" Watch "Help Regarding Cookies and session" New topic

Help Regarding Cookies and session

Santhana Lakshmi.S
Ranch Hand

Joined: Aug 16, 2005
Posts: 82
In my project I want to Keep track of the user name until the user Logs out.
I want a suggestion which one is to be used to track the current user
Either Cookies concept or session object.

Can anyone give me suggestion for this?

Thanks a lot
Darren Edwards
Ranch Hand

Joined: Aug 17, 2005
Posts: 69
Sessions are maintained on the server so do not allow a client to tamper with the session data.
Cookies are maintained on the client so they can be tampered with.
vishwanath nadimpally
Ranch Hand

Joined: Jan 25, 2005
Posts: 116
Its as simple as putting the user name in session.
Santhana Lakshmi.S
Ranch Hand

Joined: Aug 16, 2005
Posts: 82
thanks for your reply.
I am using the session like this only to keep track of username.
But if user updates anything in that page it is not getting reflected in the page.
And also if another user logs-in and the user is getting the first logged in user's page.If the user refresh the page,it is showing the current user'spage.
How to avoid reflection?I tried by setting maxInactiveinterval to the session object.It is also not working.
I want to know the proper way to track session object.In what way the setMaxInactiveInterval will help me in avoiding this reflection?

Thanks a lot
Yogendra Joshi
Ranch Hand

Joined: Apr 04, 2006
Posts: 213
Hi Santhana ,

The Page where you want the user to logout , does it terminate the session on that page ? i.e are you invalidating the session ? Because if the session timeout period has not got ended and the user just closes the browser , the server DOES NOT terminate the session and then someone again opens the same page the previous user was browsing , then he / she can definately see what the previous user was indeed seeing.

So , Its better to invalidate the session and forward the user to login page once session has expunged.

You can check the HttpSession interface for more details on this.

Yogendra Joshi.

Meri Zindagi Hain Tab Tak.. Jab Tak Tera Sahara.... Har Taraf Tu Hi Tu Hain SAI Tera Hi Hain Nazara.....
I agree. Here's the link:
subject: Help Regarding Cookies and session
It's not a secret anymore!