This week's book giveaway is in the Android forum.
We're giving away four copies of Head First Android and have Dawn & David Griffiths on-line!
See this thread for details.
The moose likes Servlets and the fly likes Are session attributes really stored in cookie? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Head First Android this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Are session attributes really stored in cookie?" Watch "Are session attributes really stored in cookie?" New topic
Author

Are session attributes really stored in cookie?

Timothy Sam
Ranch Hand

Joined: Sep 18, 2005
Posts: 751
I thought they were stored server-side, but a friend told me that they are stored in browser cookies. Is this true? I happen to be saving the username and password in session scoped variable and this made me worry.


SCJP 1.5
http://devpinoy.org/blogs/lamia/ - http://everypesocounts.com/
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 63042
    
  69

No. Session attributes are not stored in cookies.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688
    
  16

Things you add using addCookie() will be in a cookie, not session attributes.


[My Blog]
All roads lead to JavaRanch
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 63042
    
  69

Your friend is confused. The session id is usually stored in a cookie. But this is just a value that allows the container to keep track of the session across requests. It in no way contains the values of session scoped variables.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Are session attributes really stored in cookie?
 
It's not a secret anymore!