I'm using Murach's book as my intro to servlets and jsp and it gives some code to track your session, which I've pasted below: HttpSession session = request.getSession(); session.setAttribute("user", user); This gets the session and then seta a "user" attribute to a particular object. I understand that you want to track sessions (though I must admit I don't understand how they're manipulated and used yet). I also understand the first line which simple gets the session from the request object. While I understand what the second line does, I have no idea WHY you'd want to do this. What's the point of it? ms
While what Jeanne said is correct, I would like to elaborate just a little bit more on a Session. You need to understand that the HTTP protocal has no methods or Session tracking. HTTP really has no idea and frankly doesn't care where you are or how long you have been there. Sessions, for the most part, are cookies. With most Application Servers, when you create a Session or rather, when your application creates a session, it's just a cookie or series of cookies. You just don't have to deal with reading and writing them. You can just use the Session object. With the more advanced Application Servers (IIS, Websphere, etc) you can specify in the config files how you want your sessions handled. So you can actually configure sessions to be regular cookies, in memory cookies(faster, but can be pricey) and in IIS you can do what is called a ViewState, which is basically a hidden field passed around from page to page with all your session data encrypted in it. Now, on a Session use, and sometimes misuse, I am no expert. Personally, I don't use the Session object for just a whole lot. I do use it to store user info which allows me to verify the user is logged in for each secured page (and if you use the Application Servers Form Authentication abilites this is even easier). I never use the Session to pass data between pages other than the user info I just talked about. I always pass data around using the HttpServletRequest object(which could just be like a Session but called something else, I don't know ). Typically, I instantiate a Bean of some sort, put data in it, then put that in the request object and forward that to the next servlet or jsp page. Sorry to ramble on so much. But when I recently needed to use JSP pages and Servlet as well as some ASP.NET pages, it really helped me when I found out what a Session really was.