• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Cookie or Session Object??

 
Ranch Hand
Posts: 167
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
All,

This has to be a question that arises again and again. I did search a bit but did not find anything pertaining to my situation.

We are designing a session-based application which will use affinity maintaining load-balancing infrastructure. The users are call-center agents - so the typical usage pattern is to initiate a session, spend 4-5 minutes, kill the browser and initiate another session. Every time we have an entity that is session scope (not useful across sessions), we have the choice of placing it in the session object or in a cookie. Which approach is ideal?

LOGIC TO PLACE IN SESSION
It is a session scope entity, and should, as such reside in the session object. Since the LB infrasstructure gaurantees session affinity, we should leverage it and save on the network overhead that placing it in the cookie would incur. Cookies have length limits and (potentially) security issues that we can avert by using the container provided Session object. Cookies are more appropriate for information that spans sessions.

LOGIC TO PLACE IN COOKIE
Placing more and more data in the Session object make it larger and places a higher load on the server resources. Reducing the session size by placing entities in the Cookie allows the same application to serve more users. This is all the more so true in an application where users come and go at a high rate, while they spend 4-5 minutes in each visit. If the application throws an error for a particular request, the LB infrastructure will redirect the user to another instance. The new instance will have session information from the cookie and can continue seemlessly.

Thoughts/ideas???

[ May 25, 2005: Message edited by: Sharad Agarwal ]

[ May 25, 2005: Message edited by: Sharad Agarwal ]
[ May 25, 2005: Message edited by: Sharad Agarwal ]
 
author & internet detective
Posts: 41860
908
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sharad,
I think we need to know more about the requirements. What kind of session data is there? In particular, is it useful across sessions. Every time the user closes the browser, he/she loses the session.
 
Sharad Agarwal
Ranch Hand
Posts: 167
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The session data is context information of sorts that the user provides progressively. In each session, the context will change depending on the new customer that the agent is trying to help.

Hence the session data is really only session scope. It is not useful across sessions. It is not even useful application wide. I have edited my original post to indicate this.

Thanks for the prompt response.
[ May 25, 2005: Message edited by: Sharad Agarwal ]
 
Sharad Agarwal
Ranch Hand
Posts: 167
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have found a nice article discussing the pros and cons of maintaining session state on the client side.

So, here is the question. If we know that there is at least some information that we will need to maintain in the Session Object, can there be any justification for placing anything at all in the cookie (aside from the Session ID)? Asked another way, if the server is designed to be stateful, would it make sense to totally avoid using cookies altogether?

Thanks in advance.
[ May 26, 2005: Message edited by: Mark Spritzler ]
 
reply
    Bookmark Topic Watch Topic
  • New Topic