
why need session?

ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830
Is it necessary to create sessions?

I mean, if I send a user id (something that uniquely identifies a user) with each request after the user has logged in, then I can find out any details about the user by this id.

What's the drawback with this approach?

Please comment.

Thanks.
[ December 19, 2005: Message edited by: Bear Bibeault ]
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

If your application requires security, I can 'become' another user just by sending another user id. It is harder to guess session id's. Also, session id's are separate to login details, so that you can still track a user's movement without requiring them to log in.
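The difference described in the post above, as an added example that is not part of the original thread: a lookup that trusts a client-supplied user id next to one that resolves identity through a random server-side session token. All class and method names and the account data are hypothetical and constructed for illustration; in a servlet container, `HttpSession` plays the role of the session table.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Added example: names are hypothetical, account data is constructed.
public class SessionDemo {
    // Constructed sample accounts keyed by a sequential, guessable user id.
    static final Map<Integer, String> ACCOUNTS = Map.of(1001, "alice", 1002, "bob");
    // Session table (opaque token -> user id); it lives only on the server.
    static final Map<String, Integer> SESSIONS = new ConcurrentHashMap<>();
    static final SecureRandom RNG = new SecureRandom();

    // Weak form: the server trusts whatever id the request carries (GET or POST alike).
    static Optional<String> whoAmIByUserId(String userIdParam) {
        try {
            return Optional.ofNullable(ACCOUNTS.get(Integer.parseInt(userIdParam)));
        } catch (NumberFormatException e) {
            return Optional.empty();
        }
    }

    // Called once, after the credential check succeeds: issue a 128-bit random token.
    static String login(int userId) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        SESSIONS.put(token, userId);
        return token;
    }

    // Session form: identity comes from the server's table, not from the request.
    static Optional<String> whoAmIBySession(String token) {
        if (token == null) return Optional.empty();
        return Optional.ofNullable(SESSIONS.get(token)).map(ACCOUNTS::get);
    }

    // Logging out removes the entry, so the token stops working.
    static void logout(String token) { if (token != null) SESSIONS.remove(token); }

    public static void main(String[] args) {
        String aliceToken = login(1001);
        // The weak form returns whichever account matches the id the client chose to send.
        System.out.println("userId=1002   -> " + whoAmIByUserId("1002"));
        // With sessions a client can only present its own token; a guess maps to nobody.
        System.out.println("own token     -> " + whoAmIBySession(aliceToken));
        System.out.println("guessed token -> " + whoAmIBySession("1002"));
        logout(aliceToken);
        System.out.println("after logout  -> " + whoAmIBySession(aliceToken));
    }
}
```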
ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830

"If your application requires security, I can 'become' another user just by sending another user id. It is harder to guess session id's."


But if I use the POST method each time, then it is harder for a user to judge any user id, and hardest to know how to pass the user id with the request...

Please comment.

Thanks.
Prabodh Reddy
Greenhorn

Joined: Dec 19, 2005
Posts: 14
Sessions are useful to identify the client by the server.
The server can identify the user with the session id. Whenever a user sends a request
to the server, it will create a session id.
This is mainly used with HTTP communication, as HTTP is a stateless protocol (which does not maintain the state of the client).
With the help of sessions, the server can maintain the state of the client.
Hemant Agarwal
Ranch Hand

Joined: Nov 21, 2005
Posts: 138
But the problem with hidden fields is that they will be passed each time from server to browser and then back from browser to server. So to avoid that you can use a session. Also, if I don't want to send some information to the client but it is needed in many of my pages, I may use a session.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Using session allows you to keep (cache) Java objects in memory on the server.
Since reading from memory is exponentially faster than disk IO, this can make your app much more responsive and efficient. It can also make your code a lot cleaner, simpler, and easier to maintain.
It only takes a line or two to reference an object bound to session.
Compare that with the database code required to look up and parse the user's information every time they post a request and you can start to see the benefit.

There are downsides too.
Needlessly loading all kinds of objects into session can cause your app's memory footprint to grow. If you're using session replication to cluster your app servers then all the objects in session will need to be serialized and de-serialized with every hit.

Like everything in this profession, the trick is to find the right balance for the app you're building.



Oh... The answer to your first question:
No, it's not necessary to create sessions.
There are plenty of web applications out there that don't use them at all.
[ December 19, 2005: Message edited by: Ben Souther ]
