This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
I am new to servles and was trying to make an application. I want to save a value for a sequence of jsp's If I have an option to use Httpsession or Cookie it is said that Httpsession is better to use. But I came to know that httpsession also saves values in cookie
Some one please clarify how cookie is differnt from session as when I am using using Httpsession ,cookie is used too
Sessions are used to store objects, in memory or in a database, on the server. With cookies, you either save the data on the user's machine or save a key on their machine that can be used to look up the data on the server.
The biggest advantage to HttpSessions (to me anyway) is that the container does most of the work for you.
Originally posted by priya kakkar: When session uses cookie what do we store in cookie,is it the session ID
As mentioned earlier, we don't do anything. The container will handle this for you. The container does store a unique key in the cookie. You can see this with any tool that allows you to view HTTP headers such as the Firebug or LiveHttpHeaders plugins for FireFox. Cookie: JSESSIONID=FF1F6BE29387AC0B224BAF926FB09B23
Originally posted by priya kakkar:
If it id same can be done by using ckkoie too What does container do in case of httpsession (which we need to do ourself when using cookie)
It generates the unique string, passes it to the browser, reads it back. It also insures that you are under a separate session when you switch to SSL which is an important security feature. It matches it up to the HttpSession object residing in memory (or in some cases a database). It also handles replication if you're using clustered containers.
Originally posted by priya kakkar:
Also how is the following work done ? "With cookies, you either save the data on the user's machine or save a key on their machine that can be used to look up the data on the server."
I think my answer to question one should cover this one too.
Joined: May 12, 2007
I can get that attribute cab be saved in following two ways:
and get it in next servlet by
and get it from cookie in next servlet like
[ August 26, 2007: Message edited by: priya kakkar ]
[BSouther: Added UBB CODE tags] [ August 26, 2007: Message edited by: Ben Souther ]
I think, if you read all the posts in this thread, you'll find that we already have; but maybe not clearly enough.
In the first of your two examples, you're saving the 'name' value to session. It is going to stored, in memory, on the server. It will never need to be sent back to the browser. The only thing that will go to the browser is the sessionID (most likely as a cookie but possibly as part of the URL in a link, or if you're under SSL, the container may use the session handling mechanism provided by the SSL protocol).
In the second example, you've stored the actual value in a cookie. It will be passed back to the browser in an HTTP header and stored on the client's machine. In all subsequent requests, the browser will pass that value back to you in the HTTP cookie header.
If all you're tracking is a name value, either way will be fine (although, your example shows that it's much more work to use your own cookies).
But... What if you wanted to store a password. Would you want the user's password to be stored in clear text in the browser? Would you want it being passed back and forth, in clear text, with every request? If you do this and the user accesses your site on a shared machine, anyone else can come along later, read the cookies stored on that machine and see the password.
What if you wanted to store a lot of data. There is a limit to how much you can put in a cookie (it's browser dependent) and there is a limit to how much data you would want to have to pass back and forth with each and every request. If it's stored in session, it never has to be passed back and forth. You're only passing the key (sessionID).
Lastly, cookies can only be used to store strings. What if you wanted to store a HashMap with references to other complex objects? Session attributes store references to Java objects so they can be used for keeping track of a much more diverse set of values. [ August 26, 2007: Message edited by: Ben Souther ]