File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes HttpSession Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "HttpSession" Watch "HttpSession" New topic
Author

HttpSession

Bob Moranski
Ranch Hand

Joined: Nov 22, 2000
Posts: 177
Hi, I am confused with the HttpSession object. It is sent from the client through HttpServletRequest. But how does the servlet identify a HttpSession object to track the user session? In other words, how does servlet know that the HttpSession object is from a particular client in order to do the tracking?
Thanks!
nutan prakash
Greenhorn

Joined: Oct 28, 2000
Posts: 16
Hi,
The Server (Servlet), with every HTTPSession, places a cookie on the client. The Client returns this cookie which is identified by the servlet... thus retrieving the HTTP Session object. This special cookie's value is set by the Servlet automatically whenever a HTTP Session is made, and this value is UNIQUE.
AM I RIGHT - ANYONE?
regards...
nutan


P.Nutan Prakash<br />SCJP2
Kevin Mukhar
Ranch Hand

Joined: Nov 28, 2000
Posts: 83
Originally posted by nutan prakash:
Hi,
The Server (Servlet), with every HTTPSession, places a cookie on the client. The Client returns this cookie which is identified by the servlet... thus retrieving the HTTP Session object. This special cookie's value is set by the Servlet automatically whenever a HTTP Session is made, and this value is UNIQUE.
AM I RIGHT - ANYONE?
regards...
nutan

Close, but not right. The servlet does not send the cookie. The servlet CONTAINER sets the session id and sends the cookie. The cookie contains the session id. When the client makes another connection, it returns the cookie, the servlet container extracts the session id and uses that to retrieve the correct session when the servlet calls getSession(boolean).
Peter den Haan
author
Ranch Hand

Joined: Apr 20, 2000
Posts: 3252
Originally posted by Kevin Mukhar:
Close, but not right. The servlet does not send the cookie. The servlet CONTAINER sets the session id and sends the cookie. The cookie contains the session id.

If the client has cookies disabled (or does not support them), this scheme falls apart. But your servlet container may support URL rewriting to include the session ID as part of the URL. This works with any browser.
However, URL rewriting also takes some effort on your part because it only works if you call HttpServletResponse.encodeURL(String) faithfully for every URL you write out.
- peter
Diskmuncher
Greenhorn

Joined: Jan 05, 2001
Posts: 3
Originally posted by Peter den Haan:
If the client has cookies disabled (or does not support them), this scheme falls apart. But your servlet container may support URL rewriting to include the session ID as part of the URL. This works with any browser.
However, URL rewriting also takes some effort on your part because it only works if you call HttpServletResponse.encodeURL(String) faithfully for every URL you write out.
- peter


Minor nit...in addition to the servlet container, the web server may also support URL rewriting. The Apache webserver is still faster (and theoretically safer) at serving static content than the Jakarta Tomcat webserver/container, so I compiled mod_rewrite into Apache to allow the session ID to be "tracked" across dynamic and static pages.
Frank Carver
Sheriff

Joined: Jan 07, 1999
Posts: 6920
"Diskmuncher",
The Java Ranch has thousands of visitors every week, many with surprisingly similar names. To avoid confusion we have a naming convention, described at http://www.javaranch.com/name.jsp . We require names to have at least two words, separated by a space, and strongly recommend that you use your full real name. Please choose a new name which meets the requirements.
Thanks.

Read about me at frankcarver.me ~ Raspberry Alpha Omega ~ Frank's Punchbarrel Blog
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: HttpSession