File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Cookie or Session Object?? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Cookie or Session Object??" Watch "Cookie or Session Object??" New topic

Cookie or Session Object??

Sharad Agarwal
Ranch Hand

Joined: Sep 11, 2002
Posts: 167

This has to be a question that arises again and again. I did search a bit but did not find anything pertaining to my situation.

We are designing a session-based application which will use affinity maintaining load-balancing infrastructure. The users are call-center agents - so the typical usage pattern is to initiate a session, spend 4-5 minutes, kill the browser and initiate another session. Every time we have an entity that is session scope (not useful across sessions), we have the choice of placing it in the session object or in a cookie. Which approach is ideal?

It is a session scope entity, and should, as such reside in the session object. Since the LB infrasstructure gaurantees session affinity, we should leverage it and save on the network overhead that placing it in the cookie would incur. Cookies have length limits and (potentially) security issues that we can avert by using the container provided Session object. Cookies are more appropriate for information that spans sessions.

Placing more and more data in the Session object make it larger and places a higher load on the server resources. Reducing the session size by placing entities in the Cookie allows the same application to serve more users. This is all the more so true in an application where users come and go at a high rate, while they spend 4-5 minutes in each visit. If the application throws an error for a particular request, the LB infrastructure will redirect the user to another instance. The new instance will have session information from the cookie and can continue seemlessly.


[ May 25, 2005: Message edited by: Sharad Agarwal ]

[ May 25, 2005: Message edited by: Sharad Agarwal ]
[ May 25, 2005: Message edited by: Sharad Agarwal ]

Alco-Haul: We move spirits.
Demented Deliberations of a Dilettante
Jeanne Boyarsky
author & internet detective

Joined: May 26, 2003
Posts: 33134

I think we need to know more about the requirements. What kind of session data is there? In particular, is it useful across sessions. Every time the user closes the browser, he/she loses the session.

[OCA 8 book] [Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Other Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, TOGAF part 1 and part 2
Sharad Agarwal
Ranch Hand

Joined: Sep 11, 2002
Posts: 167
The session data is context information of sorts that the user provides progressively. In each session, the context will change depending on the new customer that the agent is trying to help.

Hence the session data is really only session scope. It is not useful across sessions. It is not even useful application wide. I have edited my original post to indicate this.

Thanks for the prompt response.
[ May 25, 2005: Message edited by: Sharad Agarwal ]
Sharad Agarwal
Ranch Hand

Joined: Sep 11, 2002
Posts: 167
I have found a nice article discussing the pros and cons of maintaining session state on the client side.

So, here is the question. If we know that there is at least some information that we will need to maintain in the Session Object, can there be any justification for placing anything at all in the cookie (aside from the Session ID)? Asked another way, if the server is designed to be stateful, would it make sense to totally avoid using cookies altogether?

Thanks in advance.
[ May 26, 2005: Message edited by: Mark Spritzler ]
I agree. Here's the link:
subject: Cookie or Session Object??
It's not a secret anymore!