
What is the difference between Session and HttpSession?

 
harke baj
Greenhorn
Posts: 28
Hi everybody,

Could someone tell me the difference between Session and HttpSession? What are they used for?

Is the session in servlets, HttpSession?

Thanks,

harke
 
Joachim Rohde
Ranch Hand
Posts: 433
Have you had a look into the JavaDocs? To which implementation do you refer? Session is such a general name for a class that you can find it in nearly every second project.
Btw.: What has this question got to do with security?
 
harke baj
Greenhorn
Posts: 28
Yes, it is related to security. Well, I may not have been clear enough. Sorry for that.

Actually, I am trying to write a simple client - server secret key exchange program. I saw an article on the internet that says that the server also needs to return a "session id". I did not get what the article meant by that. I just know about the servlet session.

So that's why I wanted to know if there is a different "session". Like generating a unique "session id" for a user apart from the normal HttpSession. This "session id" is used to maintain the security (authentication) of the client.

Thank you.
 
Joachim Rohde
Ranch Hand
Posts: 433
You don't have by any chance a link to this article?
 
Pat Farrell
Rancher
Posts: 4678
harke baj wrote: Actually, I am trying to write a simple client - server secret key exchange program.

Wow, this is a complex topic, and other than as a learning experience, a really bad idea. A secret key is supposed to be kept secret. Exchanging them is a really bad idea in general.

What some good protocols do is generate a transmission key just for an exchange of data, and use RSA to encrypt the transmission key. Send that, and use the transmission key with a block cipher such as AES to encipher the cleartext. Send the ciphertext, and the other guy can use RSA to decrypt the transmission key. Then he can use the transmission key to read the message.

Sending long term secret keys is a really, really bad idea.
 
It is sorta covered in the JavaRanch Style Guide.