Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

which session tracking method is good?

 
vipul patel
Ranch Hand
Posts: 146
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Guys,

Which Session tracking is really good to implement? I guess there are three methods.
1. HttpSession
2. Cookie
3. URL Rewriting.

I did not understand the 3. However, It seems that 1 and 2 have sort of same operations. what we do is put some value<->attribute pair in HttpSession object or Cookie object. but Cookie is created in the client's PC whereas HttpSession is not.

Also I am confused on differences between 1 and 2.

can any body help?

thanks,
 
Adeel Ansari
Ranch Hand
Posts: 2874
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by dilip agheda:
Which Session tracking is really good to implement? I guess there are three methods.
1. HttpSession
2. Cookie
3. URL Rewriting.


Servlet/JSP containers provide session management through interface HttpSession. Generally, the containers try to use cookie to save session state on the client. If the client doesn't allow cookies or user has disabled cookies then the containers usually try to do session management using URL rewriting.

[Edited]
URL rewriting works where cookies would not. Those URLs looks long and pretty bad. Its difficult to bookmark those URLs.

Cheers.
[ January 02, 2006: Message edited by: Adeel Ansari ]
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The first, HttpSession, is achieved using one of the second two.

Most applications will try to map users to their sessions using session cookies. If that fails, they will often fall back on url-rewriting.
 
Vishnu Prakash
Ranch Hand
Posts: 1026
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Spec decitates that session tracking cookie should be JSESSIONID. This cookie is passed back and forth between the client and the container. The session tracking cookie is binded into Session Object which you can get a reference using

HttpSession session = request.getSession();

Container will fall back to URL Rewriting only when the client browser doesn't accept cookies.
 
vipul patel
Ranch Hand
Posts: 146
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Guys,

Thanks for the reply. But still confusion. As all of you are saying that HttpSession (which is first method as i mentioned) is achieved using either Cookie or URL Rewriting. But If I assume that Cookie or URL rewriting are taken care by the container behind the scenes then where in Servlet API, Cookie class exist?

Because If you look at what Cookie class can do is essentially same as HttpSession. Also for URL Rewriting, I have method like encodeURL.

Another Question:
Suppose i have scenario like this: I want to store username in a session so that when i redirect to another servlet/page, it is available in that. For that should i use cookie or HttpSession?
 
Roger Chung-Wee
Ranch Hand
Posts: 1683
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
We had a discussion on this subject in another forum.
Different ways of implementing shopping cart
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13064
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But If I assume that Cookie or URL rewriting are taken care by the container

The container can manage the JSESSIONID cookie, but URL rewriting is entirely up to the programmer. The container can recognize that a new request uses a URL that has been rewritten, but thats all.
Bill
 
Scott Selikoff
author
Saloon Keeper
Posts: 4015
18
Eclipse IDE Flex Google Web Toolkit
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In general, all the options are good under their own circumstances. Perhaps if you mentioned what in particular you wanted to do with the data we'd be better able to advice which is the best for you in your situation.

For user login, as previously mentioned, its a toss up between cookies or sessions. Most of the time cookies wins out but there are cases (such as when the user's login is tied to specific server processes) that cookies are not the best.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic