aspose file tools*
The moose likes Servlets and the fly likes which session tracking method is good? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "which session tracking method is good?" Watch "which session tracking method is good?" New topic
Author

which session tracking method is good?

vipul patel
Ranch Hand

Joined: Oct 16, 2005
Posts: 146
Hi Guys,

Which Session tracking is really good to implement? I guess there are three methods.
1. HttpSession
2. Cookie
3. URL Rewriting.

I did not understand the 3. However, It seems that 1 and 2 have sort of same operations. what we do is put some value<->attribute pair in HttpSession object or Cookie object. but Cookie is created in the client's PC whereas HttpSession is not.

Also I am confused on differences between 1 and 2.

can any body help?

thanks,
Adeel Ansari
Ranch Hand

Joined: Aug 15, 2004
Posts: 2874
Originally posted by dilip agheda:
Which Session tracking is really good to implement? I guess there are three methods.
1. HttpSession
2. Cookie
3. URL Rewriting.


Servlet/JSP containers provide session management through interface HttpSession. Generally, the containers try to use cookie to save session state on the client. If the client doesn't allow cookies or user has disabled cookies then the containers usually try to do session management using URL rewriting.

[Edited]
URL rewriting works where cookies would not. Those URLs looks long and pretty bad. Its difficult to bookmark those URLs.

Cheers.
[ January 02, 2006: Message edited by: Adeel Ansari ]
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

The first, HttpSession, is achieved using one of the second two.

Most applications will try to map users to their sessions using session cookies. If that fails, they will often fall back on url-rewriting.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Vishnu Prakash
Ranch Hand

Joined: Nov 15, 2004
Posts: 1026
Spec decitates that session tracking cookie should be JSESSIONID. This cookie is passed back and forth between the client and the container. The session tracking cookie is binded into Session Object which you can get a reference using

HttpSession session = request.getSession();

Container will fall back to URL Rewriting only when the client browser doesn't accept cookies.


Servlet Spec 2.4/ Jsp Spec 2.0/ JSTL Spec 1.1 - JSTL Tag Documentation
vipul patel
Ranch Hand

Joined: Oct 16, 2005
Posts: 146
Hi Guys,

Thanks for the reply. But still confusion. As all of you are saying that HttpSession (which is first method as i mentioned) is achieved using either Cookie or URL Rewriting. But If I assume that Cookie or URL rewriting are taken care by the container behind the scenes then where in Servlet API, Cookie class exist?

Because If you look at what Cookie class can do is essentially same as HttpSession. Also for URL Rewriting, I have method like encodeURL.

Another Question:
Suppose i have scenario like this: I want to store username in a session so that when i redirect to another servlet/page, it is available in that. For that should i use cookie or HttpSession?
Roger Chung-Wee
Ranch Hand

Joined: Sep 29, 2002
Posts: 1683
We had a discussion on this subject in another forum.
Different ways of implementing shopping cart


SCJP 1.4, SCWCD 1.3, SCBCD 1.3
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12806
    
    5
But If I assume that Cookie or URL rewriting are taken care by the container

The container can manage the JSESSIONID cookie, but URL rewriting is entirely up to the programmer. The container can recognize that a new request uses a URL that has been rewritten, but thats all.
Bill
Scott Selikoff
author
Saloon Keeper

Joined: Oct 23, 2005
Posts: 3710
    
    5

In general, all the options are good under their own circumstances. Perhaps if you mentioned what in particular you wanted to do with the data we'd be better able to advice which is the best for you in your situation.

For user login, as previously mentioned, its a toss up between cookies or sessions. Most of the time cookies wins out but there are cases (such as when the user's login is tied to specific server processes) that cookies are not the best.


My Blog: Down Home Country Coding with Scott Selikoff
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: which session tracking method is good?