Session identification

Hi,

HttpServletRequest interface has a method named getSession()
which says it returns the current session associated with this request, or if the request does not have a session, creates one.

My question is how is it identified by server, I mean the session belong to the current request?

Where does it search for the session which belongs to current request?

thank you

Hi Sumit,

Session tracking for servlet containers works similar to session tracking in "ordinary" HTTP servers. Servlet containers may use cookies to identify clients by the generated session ID stored in the cookie. As a fallback solution it's also possible to use URL rewriting to encode the session ID into the URL. For SSL connections the container may additionally use the session mechanism integrated in the SSL protocols.

Marco

Hi Marco,

Thanks for reply.

one more query.. If a user login to an application using two different browser from same machine, would the same session Id be generated by container or there will be two different session id?

Originally posted by Sumit Bansal:
If a user login to an application using two different browser from same machine, would the same session Id be generated by container or there will be two different session id?

1.two different browser-----------> then two different session id

2.two different window from same browser-----------> then only one session id

Hope this helps

Originally posted by seetharaman venkatasamy:


1.two different browser-----------> then two different session id

2.two different window from same browser-----------> then only one session id

Hope this helps

And thats why session attributes are not thread-safe