File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes Are session attributes really stored in cookie? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Are session attributes really stored in cookie?" Watch "Are session attributes really stored in cookie?" New topic
Author

Are session attributes really stored in cookie?

Timothy Sam
Ranch Hand

Joined: Sep 18, 2005
Posts: 746
I thought they were stored server-side, but a friend told me that they are stored in browser cookies. Is this true? I happen to be saving the username and password in session scoped variable and this made me worry.


SCJP 1.5
http://devpinoy.org/blogs/lamia/ - http://everypesocounts.com/
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60765
    
  65

No. Session attributes are not stored in cookies.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14687
    
  16

Things you add using addCookie() will be in a cookie, not session attributes.


[My Blog]
All roads lead to JavaRanch
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60765
    
  65

Your friend is confused. The session id is usually stored in a cookie. But this is just a value that allows the container to keep track of the session across requests. It in no way contains the values of session scoped variables.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Are session attributes really stored in cookie?
 
Similar Threads
Whose handling transactions?
session datas using JSTL in JS
java application accessing the ejb
JSP Queries
Can session variables be stored in HTML