File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes session stuff Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "session stuff" Watch "session stuff" New topic

session stuff

Mike Southgate
Ranch Hand

Joined: Jul 18, 2003
Posts: 183
I'm using Murach's book as my intro to servlets and jsp and it gives some code to track your session, which I've pasted below:
HttpSession session = request.getSession();
session.setAttribute("user", user);
This gets the session and then seta a "user" attribute to a particular object. I understand that you want to track sessions (though I must admit I don't understand how they're manipulated and used yet). I also understand the first line which simple gets the session from the request object.
While I understand what the second line does, I have no idea WHY you'd want to do this. What's the point of it?

ms<br />SCJP, SCJD
Jeanne Boyarsky
author & internet detective

Joined: May 26, 2003
Posts: 33102

Usually, you put data in the session if you want to access it on a later page. For example, you might display the username on every page the user accesses when he/she is logged in.

[OCA 8 book] [Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Other Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, TOGAF part 1 and part 2
Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15302

While what Jeanne said is correct, I would like to elaborate just a little bit more on a Session. You need to understand that the HTTP protocal has no methods or Session tracking. HTTP really has no idea and frankly doesn't care where you are or how long you have been there.
Sessions, for the most part, are cookies. With most Application Servers, when you create a Session or rather, when your application creates a session, it's just a cookie or series of cookies. You just don't have to deal with reading and writing them. You can just use the Session object. With the more advanced Application Servers (IIS, Websphere, etc) you can specify in the config files how you want your sessions handled. So you can actually configure sessions to be regular cookies, in memory cookies(faster, but can be pricey) and in IIS you can do what is called a ViewState, which is basically a hidden field passed around from page to page with all your session data encrypted in it.
Now, on a Session use, and sometimes misuse, I am no expert. Personally, I don't use the Session object for just a whole lot. I do use it to store user info which allows me to verify the user is logged in for each secured page (and if you use the Application Servers Form Authentication abilites this is even easier). I never use the Session to pass data between pages other than the user info I just talked about. I always pass data around using the HttpServletRequest object(which could just be like a Session but called something else, I don't know ). Typically, I instantiate a Bean of some sort, put data in it, then put that in the request object and forward that to the next servlet or jsp page.
Sorry to ramble on so much. But when I recently needed to use JSP pages and Servlet as well as some ASP.NET pages, it really helped me when I found out what a Session really was.

GenRocket - Experts at Building Test Data
I agree. Here's the link:
subject: session stuff
It's not a secret anymore!