wood burning stoves 2.0*
The moose likes JSP and the fly likes Hidden variables Vs session variables - Which is better? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "Hidden variables Vs session variables - Which is better?" Watch "Hidden variables Vs session variables - Which is better?" New topic
Author

Hidden variables Vs session variables - Which is better?

sudheshna Iyer
Ranch Hand

Joined: Aug 20, 2004
Posts: 71
I guess this is the most common question. What is the better way to carry the form variables back to
servlet and finally store in DB?

Do you prefer hidden variables Vs session variables? I am using JSP,Spring and Hibernate.

Please suggest.
Bauke Scholtz
Ranch Hand

Joined: Oct 08, 2006
Posts: 2458
With hidden variables you actually mean request scoped variables?

Well, I just say to myself: request scoped data should be kept in the request scope only and session scoped data should be kept in the session scope only. Fairly obvious. Storing request scoped data in the session scope has a fairly negative impact on the user experience. Think about what would happen if the user opens the same site in a new browser window or a new tab and navigate through both?
Satya Maheshwari
Ranch Hand

Joined: Jan 01, 2007
Posts: 368
sudheshna Iyer wrote:I guess this is the most common question. What is the better way to carry the form variables back to
servlet and finally store in DB?

Do you prefer hidden variables Vs session variables? I am using JSP,Spring and Hibernate.

Please suggest.


Are you using Hidden variables/session attributes, for session tracking? If yes, I would say, session attributes should work. Hidden Variables may act as security holes as they can be manipulated by doing a 'View Source' on the html.


Thanks and Regards
Amir Iqbal
Ranch Hand

Joined: Jun 23, 2007
Posts: 97
yes me too agreed with Satya's suggestion.
because session is more secure and reliable. that's why it is given preference.


i am Java +ve Now !
Bauke Scholtz
Ranch Hand

Joined: Oct 08, 2006
Posts: 2458
"Session tracking" is a big word.

Session scoped data is to be stored in the session scope.
Request scoped data is to be stored in the request scope.

That´s all. Security is no issue here. Request scoped data is always to be controlled by the client, simply because it is the only one who fires requests. If you really have a hard head in, then you can just make use of preshared keys.
Vinoth Thirunavukarasu
Ranch Hand

Joined: Dec 18, 2008
Posts: 164

We created session for session tracking. It can't be view by any one. But we can view hidden variables by using viewsource and this value can be get through request scope.


Java Best Practices
Linux Best Practices
Amortization Calculator

Bauke Scholtz
Ranch Hand

Joined: Oct 08, 2006
Posts: 2458
vinoth thirunavukarasu wrote:We created session for session tracking. It can't be view by any one. But we can view hidden variables by using viewsource and this value can be get through request scope.

Uh yes, I understand you, but you apparently didn´t understand me. Still, "session tracking" is a big word. Also, you normally don´t create the session yourself, this is normally to be done by the application server. You just use HttpSession#get/setAttribute() to handle stuff in the session scope (note: this is NOT the same as session tracking what most of you seem to think, that is normally already done for you by the application server).
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: Hidden variables Vs session variables - Which is better?