This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
Well, an HttpSession is the server side component available in the Servlet and JSP API, and it's the one that pretty much every large site uses, so simply 'majority rules' would indicate the HttpSession.
But an HttpSession often uses a cookie on the client to plant an ID, so in most cases, they are part of the same solution, unless you are using URLRewriting.
Use the HttpSession. Don't mess around too much with cookies.
The only case in which I would even consider cookie(s) over a session would be if the "user state" to be preserved could be represented very compactly in short string(s) AND exposing the contents did not constitute a security problem. There are big limitations on how much cookies can store - search for rfc2965.
Joined: Nov 25, 2003
Thanks for your inputs. If it is possible, please provide some more justification for using httpsession object over cookie.
Cameron Wallace McKenzie
author and cow tipper