Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

session tracking

 
Benjoe Reyes
Ranch Hand
Posts: 109
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
cookies are small files that are sent by the server/servlet to reside in the clients computer...
... how about session tracking using HttpSession??? dose it also resides in the client???
 
Johann Evans
Ranch Hand
Posts: 47
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
AFAIK HttpSession chooses by itself which method of tracking to use - if the client allows cookies, it will use them. If not, it will manage the session server side.
Cookies is the most effective way of tracking - but it depends on what extent you want to track - the session, the request, the application lifetime etc. HttpSession is ideal for session tracking - Cookies are better for Application tracking such as a user disconnecting from a dial up, and connecting a few days later - if the user has not flushed his cookie bin, then you can still recognise him.
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A couple of points I'd like to clarify:
Firstly, cookies aren't files sent by the server, they are sent as text in the HTTP header and then saved as a file on the filesystem if required - they don't always get saved.
The cookies used for HttpSessions are usually session cookies, and for security reasons they don't usually get written to the file system (ie only memory-resident), but this is browser specific behaviour.
If the browser is closed, memory-resident session cookies are lost and you no longer know who the user is.
Unless you specifically write some user data to a persistent cookie, and then only if the client accepts it, there is no way to track users from one day to the next. For eample, javaranch writes the userId as a cookie which gets saved to the filesystem. This is why you don't have to login each day.
Dave
 
Benjoe Reyes
Ranch Hand
Posts: 109
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
so basically it is my choice as to what to use, right??? since it is not always possible for a persistant cookie i have the option to use HTTPSession... i'm just folowing some projects from deitel&deitel and they gave examples doing both:
1. Cookie cookies = new Cookie(name, value)
response.addCookie(cookies)
2. HttpSession session = request.getSession(true)
session.putValue(name,value)
cookies get added to the response thus to the client HTML but session doesn't... am i getting it write???
[ November 27, 2002: Message edited by: Benjoe Reyes ]
 
Matthew Phillips
Ranch Hand
Posts: 2676
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HttpSession controls how the session is tracked. It generally uses cookies, but if the browser will not accept cookies it will use url encoding. You do not need to worry about instantiating a cookie or encoding a url because HttpSession takes care of that for you.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic