Help coderanch get a
new server
by contributing to the fundraiser
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

HttpSession

 
Ranch Hand
Posts: 177
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi, I am confused with the HttpSession object. It is sent from the client through HttpServletRequest. But how does the servlet identify a HttpSession object to track the user session? In other words, how does servlet know that the HttpSession object is from a particular client in order to do the tracking?
Thanks!
 
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
The Server (Servlet), with every HTTPSession, places a cookie on the client. The Client returns this cookie which is identified by the servlet... thus retrieving the HTTP Session object. This special cookie's value is set by the Servlet automatically whenever a HTTP Session is made, and this value is UNIQUE.
AM I RIGHT - ANYONE?
regards...
nutan
 
Ranch Hand
Posts: 83
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by nutan prakash:
Hi,
The Server (Servlet), with every HTTPSession, places a cookie on the client. The Client returns this cookie which is identified by the servlet... thus retrieving the HTTP Session object. This special cookie's value is set by the Servlet automatically whenever a HTTP Session is made, and this value is UNIQUE.
AM I RIGHT - ANYONE?
regards...
nutan


Close, but not right. The servlet does not send the cookie. The servlet CONTAINER sets the session id and sends the cookie. The cookie contains the session id. When the client makes another connection, it returns the cookie, the servlet container extracts the session id and uses that to retrieve the correct session when the servlet calls getSession(boolean).
 
author
Posts: 3252
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Kevin Mukhar:
Close, but not right. The servlet does not send the cookie. The servlet CONTAINER sets the session id and sends the cookie. The cookie contains the session id.


If the client has cookies disabled (or does not support them), this scheme falls apart. But your servlet container may support URL rewriting to include the session ID as part of the URL. This works with any browser.
However, URL rewriting also takes some effort on your part because it only works if you call HttpServletResponse.encodeURL(String) faithfully for every URL you write out.
- peter
 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Peter den Haan:
If the client has cookies disabled (or does not support them), this scheme falls apart. But your servlet container may support URL rewriting to include the session ID as part of the URL. This works with any browser.
However, URL rewriting also takes some effort on your part because it only works if you call HttpServletResponse.encodeURL(String) faithfully for every URL you write out.
- peter



Minor nit...in addition to the servlet container, the web server may also support URL rewriting. The Apache webserver is still faster (and theoretically safer) at serving static content than the Jakarta Tomcat webserver/container, so I compiled mod_rewrite into Apache to allow the session ID to be "tracked" across dynamic and static pages.
 
Sheriff
Posts: 7001
6
Eclipse IDE Python C++ Debian Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
"Diskmuncher",
The Java Ranch has thousands of visitors every week, many with surprisingly similar names. To avoid confusion we have a naming convention, described at http://www.javaranch.com/name.jsp . We require names to have at least two words, separated by a space, and strongly recommend that you use your full real name. Please choose a new name which meets the requirements.
Thanks.
 
She said she got a brazillian. I think owning people is wrong. That is how I learned ... tiny ad:
We need your help - Coderanch server fundraiser
https://coderanch.com/t/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic