Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

session stuff

 
Mike Southgate
Ranch Hand
Posts: 183
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm using Murach's book as my intro to servlets and jsp and it gives some code to track your session, which I've pasted below:
HttpSession session = request.getSession();
session.setAttribute("user", user);
This gets the session and then seta a "user" attribute to a particular object. I understand that you want to track sessions (though I must admit I don't understand how they're manipulated and used yet). I also understand the first line which simple gets the session from the request object.
While I understand what the second line does, I have no idea WHY you'd want to do this. What's the point of it?
ms
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34095
337
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Usually, you put data in the session if you want to access it on a later page. For example, you might display the username on every page the user accesses when he/she is logged in.
 
Gregg Bolinger
GenRocket Founder
Ranch Hand
Posts: 15302
6
Chrome IntelliJ IDE Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
While what Jeanne said is correct, I would like to elaborate just a little bit more on a Session. You need to understand that the HTTP protocal has no methods or Session tracking. HTTP really has no idea and frankly doesn't care where you are or how long you have been there.
Sessions, for the most part, are cookies. With most Application Servers, when you create a Session or rather, when your application creates a session, it's just a cookie or series of cookies. You just don't have to deal with reading and writing them. You can just use the Session object. With the more advanced Application Servers (IIS, Websphere, etc) you can specify in the config files how you want your sessions handled. So you can actually configure sessions to be regular cookies, in memory cookies(faster, but can be pricey) and in IIS you can do what is called a ViewState, which is basically a hidden field passed around from page to page with all your session data encrypted in it.
Now, on a Session use, and sometimes misuse, I am no expert. Personally, I don't use the Session object for just a whole lot. I do use it to store user info which allows me to verify the user is logged in for each secured page (and if you use the Application Servers Form Authentication abilites this is even easier). I never use the Session to pass data between pages other than the user info I just talked about. I always pass data around using the HttpServletRequest object(which could just be like a Session but called something else, I don't know ). Typically, I instantiate a Bean of some sort, put data in it, then put that in the request object and forward that to the next servlet or jsp page.
Sorry to ramble on so much. But when I recently needed to use JSP pages and Servlet as well as some ASP.NET pages, it really helped me when I found out what a Session really was.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic