• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

simple doubt in session management

 
Ranch Hand
Posts: 3851
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have developed a very simple example to illustrate session management:



First I am clarifying that, I haven't written any special code for URL rewritting, so there is only one way to maintain session and that is cookies.

Now, when user will open login.jsp and enter username and password, the request will go to servlet. Servlet will create session, add id of this session into cookies and add this cookies into response, forward request to welcome.jsp. After completing welcome.jsp, the servlet will respond to the client...

Now, if we click on 'next' link, the same cookies will come with this new request, container will find session as per the session id found in cookies, and go further...

But before clicking on 'next' button, I am deleting all the cookies through browser (means, no cookies will come with this request), but still container is able to manage session. How???

Thanks.

[ July 15, 2006: Message edited by: rathi ji ]
[ July 15, 2006: Message edited by: Bear Bibeault ]
 
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think it is because jsp manages session by using both cookies and urlrewriting. If the container doesn't see a cookie , it will be looking for sessionID
 
Ranch Hand
Posts: 334
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Your session will be managed by HttpSession on the server and the session will not be managed by cookies. When you use cookies explicitly instead of HttpSession, in this case, the session would not available after deleting all cookies via browser.
Cookies are created on the client side
HttpSession is maintained on the server side.

I hope it might help you.

bye for now
sat
 
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello, everyone!
I have tried to find out how does the container manage sesssion.
I have deleted all the cookies, the container still able to find the session.
I guess that the cookie has been loaded in memory, although you have delete all cookies,
you cannot delete the cookie in the memory.
If you delete all the cookies, close current browser , and open your page in another browser
you will never find the session any longer.

Regards
 
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, session cookies are stored in memory.
MSIE has a section for allowing/disallowing them (under the privacy -> advanced) tab.

If you have the LiveHTTPHeaders plugin for FireFox installed, you can see the name and value of the session cookie being passed back and forth from the server to the client while you're hitting your site.
 
ankur rathi
Ranch Hand
Posts: 3851
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Ben & All.

Satish, you are missing something...
 
Can you hear that? That's my theme music. I don't know where it comes from. Check under this tiny ad:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
    Bookmark Topic Watch Topic
  • New Topic