Asking how much data can be stored in a Session is like asking how fast your car will go if it's dropped off a cliff. There's probably a correct answer, but you've really got to wonder why the question is being asked.
The HttpSession is the worst place to store data. The only problem is that it is better than most of the other options. Keep the data in your HttpSession to a minimum. If you're storing lots of data for a user, you might want to create a temporary database table and store the information about users there. Just don't fall into any traps that will minimize the workload ability of your server.
20K is way too much to be putting in an HttpSession in a typical app. [ August 27, 2006: Message edited by: Bear Bibeault ]
That is a dangerous generalization. Statements like that lead beginners to all sorts of bizarre configurations because "I heard that sessions are bad." We seem to spend a lot of time on these forums straightening out tangles that people get into because "I heard that...."
The proper questions to ask are: What is the lifetime of the data? What is the scope of the data?
20K is way too much to be putting in an HttpSession in a typical app.
Without knowing anything about the original poster's application, it's traffic, and it's intended goals, nobody can say whether 20k (or 20 megs for that matter), is too much or too little to be stored in session.
In a low traffic site caching data in session (especially if that data requires expensive dabase queries to produce) can greatly improve application performance.
You're right, I'll be remiss about being too negative on the HttpSession.
My issue with 20K sessions is very much WebSphere related, and especially related to heavy workload environments.
With WebSphere, especially with Persistent Sessions, the app server writes all session data to a centralized database, so that if one app server goes down, all othet app servers pick it up. So, if you're reading alot from one database table, and then throwing it in the Session, WebShere is then writing it BACK INTO a DIFFERENT database table. That's alot of writes.
The other big thing is the fact that WebSphere writes session data into 4, 8, 16 or 20K blocks in the database. As a result, if you go over say 20, to 21k in an object graphy, now you've got two different blocks to pull memory out of, which delays performance even more.
Every J2EE performance problem I've ever run into was solved by 1) fixing HttpSession bloat, 2) fixing database connection usage or 3) implementing lazy loading. I've just been bitten too many times by HttpSession objects, and I get a little weary.
But indeed, workload, application complexity and other factors are important when considering HttpSession size.
Heh...I think this is what earlier posts were warning about, especially with regards to my snide little comment about HttpSessions - this conversation can go into many wild directions, and now we're getting into Session performance.
I'm a WebSphere Dude, and I know that every Friday I'd run my application through Resource Monitor which can tell you how many objects are in your sessions, and how big those objects are. I always like to keep an eye on those things.
Programatically, you can use an HttpSessionBindingListener (I think that's it) to fire off every time an object is placed in a session. You can run a routine here that can loop through all the objects stuffed inside a users session, and inspect them any way you might instapce a normal chunk of Java code. The great thing about the listener is it can be enabled when you want it to be, and removed when you want it to. Aren't pluggable interfaces great?
As far as overcoming HttpSession bloat? You really have to know WHY your sessions are becomming bloated, and why it's a performance issue. Sometimes, this forces you to do bad things, like code based on how your hardware does session management, which is an absolutely awful thing to do.
One "design pattern" I see is people taking large data that would go into an HttpSession and using a temporary database table. This eliminates the use of the Session service to store the temp data, and allows the developer to control access. But again, this is a slippery slope - the whole point of the HttpSession is to stop developers from having to do this. Sometimes though, for performance reasons, it's a must.
See - I told you HttpSession objects were a problem issue. [ August 28, 2006: Message edited by: Bear Bibeault ]
Author and all-around good cowpoke
Joined: Mar 22, 2000
It is really tricky to even talk about the "size" of a session in memory, as opposed to the size serialized on disk. Suppose you have 110 users each with a session having a reference to the same 10000 character string. The "size" is not 110 x 10000 x 2 bytes because the sessions hold only a reference.