What is the difference between Session and HttpSession?

 
Greenhorn
Posts: 28
Hi everybody,

Could someone tell me the difference between Session and HttpSession? What are they used for?

Is the session in servlets the HttpSession?

Thanks,

harke
 
Ranch Hand
Posts: 433
Have you had a look into the JavaDocs? To which implementation do you refer? Session is such a general name for a class that you can find it in nearly every second project.
Btw.: What has this question got to do with security?
 
harke baj
Greenhorn
Posts: 28
Yes, it is related to security. Well, I may not have been clear enough. Sorry for that.

Actually, I am trying to write a simple client-server secret key exchange program. I saw an article on the internet that says that the server also needs to return a "session id". I did not get what the article meant by that. I just know about the servlet session.

So that's why I wanted to know if there is a different "session". Like generating a unique "session id" for a user apart from the normal HttpSession. This "session id" is used to maintain the security (authentication) of the client.

Thank you.
 
Joachim Rohde
Ranch Hand
Posts: 433
You don't have by any chance a link to this article?
 
Rancher
Posts: 4803

harke baj wrote: Actually, I am trying to write a simple client - server secret key exchange program.



Wow, this is a complex topic, and other than as a learning experience, a really bad idea. A secret key is supposed to be kept secret. Exchanging them is a really bad idea in general.

What some good protocols do is generate a transmission key just for an exchange of data, and use RSA to encrypt the transmission key, send that, and use the transmission key with a block cipher such as AES to encipher the cleartext. Send the cipher text, and the other guy can use RSA to decrypt the transmission key. Then he can use the transmission key to read the message.

Sending long term secret keys is a really, really bad idea.
 