jQuery in Action, 3rd edition
The moose likes Servlets and the fly likes What is a Session's scope? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "What is a Session Watch "What is a Session New topic

What is a Session's scope?

Lou Pelagalli
Ranch Hand

Joined: Nov 11, 2003
Posts: 150

I had thought that a "session" was associated with the the browser window. When an new browser window is opened a new session is created and associated the new browser window.

However the code below displays the same Session ID for two browser windows, leading me to believe that I am not correct.

Can someone help me with the following questions?
1) What is the scope of a session?
2) What is the scope of an application.
3) How are user's information kept seperated from one another. For example, two users select items for purchase at Amazon.com. How might theiir purchases be seperated?

Abhay Agarwal
Ranch Hand

Joined: Feb 29, 2008
Posts: 1341

Session is associated with user (to be specific - user visit to web application). When user open web application on browser, a session is created by web container. If required in logic manipulation in java code, we can use this session object using HTTPSession methods. Once user browser is closed then session is terminated.

Application scope is associated with web application. As long as web application is deployed on web container, application scope is maintained. there is one application object which is accessible/shared to all users (whole application). If any variable is set in application, it will be accessible to all users (all servlet code etc).

A session object is created per user visit (visit can contain multiple page requests). If there are 5 users accessing web application, then there will be 5 sessions. And this how we separate one user request from another user request (Amazon purchases in your example).

~ abhay

Oracle certified Java 8 Programmer I (1Z0-808), Oracle Java Web Service Developer (1z0-897), Oracle certified Java 7 Programmer, SCJA 1.0, SCJP 5.0, SCWCD 5.0, Oracle SQL Fundamentals I, CIW Certified Ecommerce specialist
Lou Pelagalli
Ranch Hand

Joined: Nov 11, 2003
Posts: 150
Hi Abhay,

Thank you for your reply!

Your answer then takes me back to my observation that the following code displays the same session id in two different browser windows.

I'm using IE 8 and Tomcat 7.0.5.
The browsers and server on the same machine, and I'm using http://localhost:8080 to connect to Tomcat. Note that they are simple servlets, no logon or user id. Just open the browser and address to the servlet to execute the code above.

My questions now are
1) Why would the session ids be identical on two different browser windows open a the same time? Is it because both requests originate on the same client machine?

2) How is data in the application scope accessed?

Thank You!

Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63858

The session has nothing to do with a window or with a user. The session is all about cookies. If two browser windows share cookies, they will share the session. Period.

Application scope is accessed through the ServletContext.

[Asking smart questions] [About Bear] [Books by Bear]
Lou Pelagalli
Ranch Hand

Joined: Nov 11, 2003
Posts: 150
That clears it up for me Bear!

That also explains why I can log on to javaranch.com, open another browser window, navigate to javaranch.com, and be logged in on the second browser window. And since the cookies expire when I close all browsers, I'm logged off.

Thank you Bear, you rock!
Jagan mohan paspula

Joined: Jul 07, 2011
Posts: 6
The way httpsession getting like:

HttpSession session = req.getSession(true);
out.println("Session ID is: " + session.getId() + "<br>")
The above code is created new session.if session is not avilable

HttpSession session = req.getSession();
out.println("Session ID is: " + session.getId() + "<br>")
The above code is created new session.if session is not avilable arenot

HttpSession session = req.getSession(false);
out.println("Session ID is: " + session.getId() + "<br>")
The above code is created wont created new session.
Most of the web server maintain deafult time out 30 min

we can maintain the session time out in web.xml
there is multipule way is

session time out we can maintain class level also
I agree. Here's the link: http://aspose.com/file-tools
subject: What is a Session's scope?
It's not a secret anymore!