File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes simple doubt in session management Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "simple doubt in session management" Watch "simple doubt in session management" New topic

simple doubt in session management

ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830
I have developed a very simple example to illustrate session management:

First I am clarifying that, I haven't written any special code for URL rewritting, so there is only one way to maintain session and that is cookies.

Now, when user will open login.jsp and enter username and password, the request will go to servlet. Servlet will create session, add id of this session into cookies and add this cookies into response, forward request to welcome.jsp. After completing welcome.jsp, the servlet will respond to the client...

Now, if we click on 'next' link, the same cookies will come with this new request, container will find session as per the session id found in cookies, and go further...

But before clicking on 'next' button, I am deleting all the cookies through browser (means, no cookies will come with this request), but still container is able to manage session. How???


[ July 15, 2006: Message edited by: rathi ji ]
[ July 15, 2006: Message edited by: Bear Bibeault ]
sasikumar palakkizhi

Joined: Sep 11, 2005
Posts: 29
I think it is because jsp manages session by using both cookies and urlrewriting. If the container doesn't see a cookie , it will be looking for sessionID
satishkumar janakiraman
Ranch Hand

Joined: May 03, 2004
Posts: 334

Your session will be managed by HttpSession on the server and the session will not be managed by cookies. When you use cookies explicitly instead of HttpSession, in this case, the session would not available after deleting all cookies via browser.
Cookies are created on the client side
HttpSession is maintained on the server side.

I hope it might help you.

bye for now
Justin Yao

Joined: Jun 16, 2006
Posts: 19
Hello, everyone!
I have tried to find out how does the container manage sesssion.
I have deleted all the cookies, the container still able to find the session.
I guess that the cookie has been loaded in memory, although you have delete all cookies,
you cannot delete the cookie in the memory.
If you delete all the cookies, close current browser , and open your page in another browser
you will never find the session any longer.

Ben Souther

Joined: Dec 11, 2004
Posts: 13410

Yes, session cookies are stored in memory.
MSIE has a section for allowing/disallowing them (under the privacy -> advanced) tab.

If you have the LiveHTTPHeaders plugin for FireFox installed, you can see the name and value of the session cookie being passed back and forth from the server to the client while you're hitting your site.

Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830
Thanks Ben & All.

Satish, you are missing something...
I agree. Here's the link:
subject: simple doubt in session management
It's not a secret anymore!