aspose file tools*
The moose likes Servlets and the fly likes Are session attributes really stored in cookie? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Are session attributes really stored in cookie?" Watch "Are session attributes really stored in cookie?" New topic
Author

Are session attributes really stored in cookie?

Timothy Sam
Ranch Hand

Joined: Sep 18, 2005
Posts: 746
I thought they were stored server-side, but a friend told me that they are stored in browser cookies. Is this true? I happen to be saving the username and password in session scoped variable and this made me worry.


SCJP 1.5
http://devpinoy.org/blogs/lamia/ - http://everypesocounts.com/
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61433
    
  67

No. Session attributes are not stored in cookies.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688
    
  16

Things you add using addCookie() will be in a cookie, not session attributes.


[My Blog]
All roads lead to JavaRanch
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61433
    
  67

Your friend is confused. The session id is usually stored in a cookie. But this is just a value that allows the container to keep track of the session across requests. It in no way contains the values of session scoped variables.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Are session attributes really stored in cookie?