What is the difference between Session and HttpSession?

harke baj
Greenhorn

Joined: Feb 02, 2010
Posts: 28
Hi everybody,

Could someone tell me the difference between Session and HttpSession? What are they used for?

Is the session in servlets the HttpSession?

Thanks,

harke
Joachim Rohde
Ranch Hand

Joined: Nov 27, 2006
Posts: 423

Have you had a look into the JavaDocs? To which implementation do you refer? Session is such a general name for a class that you can find it in nearly every second project.
Btw.: What has this question got to do with security?
harke baj
Greenhorn

Joined: Feb 02, 2010
Posts: 28
Yes, it is related to security. Well, I may not have been very clear. Sorry for that.

Actually, I am trying to write a simple client-server secret key exchange program. I saw an article on the internet that says that the server also needs to return a "session id". I did not get what the article meant by that. I just know about the servlet session.

So that's why I wanted to know if there is a different "session". Like generating a unique "session id" for a user apart from the normal HttpSession. This "session id" is used to maintain the security (authentication) of the client.

Thank you.
Joachim Rohde
Ranch Hand

Joined: Nov 27, 2006
Posts: 423

You don't have by any chance a link to this article?
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4658
    
    5

harke baj wrote: Actually, I am trying to write a simple client - server secret key exchange program.


Wow, this is a complex topic, and other than as a learning experience, a really bad idea. A secret key is supposed to be kept secret. Exchanging them is a really bad idea in general.

What some good protocols do is generate a transmission key just for an exchange of data, and use RSA to encrypt the transmission key, send that, and use the transmission key with a block cipher such as AES, to encipher the cleartext. Send the cipher text, and the other guy can use RSA to decrypt the transmission key. Then he can use the transmission key to read the message.

Sending long term secret keys is a really, really bad idea.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: What is the difference between Session and HttpSession?