• Post Reply Bookmark Topic Watch Topic
  • New Topic

HttpSession Dilemma

 
Sandep Chaturvedi
Ranch Hand
Posts: 49
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am sure this topic has been discussed before.
I have a web application which draws heavy traffic (still!). User preferences are needed thru out the session. If I use session to store these I get in serious session management issue and system crashing.
I came up with a custom HttpSession solution where, I store all simple objects (int,strings) in the cookie. If there are any complex object (Map), I create HttpSession and store the complex object in HttpSession.
If a user had cookie disabled then we will store everything in HttpSession.
This model work great except first time, when the request comes in and user has cookie disabled: I loose the data since once I check the cookie first time, its too late to create the HttpSession. After that it works fine.
Any suggestions how to solve this problem or alternative to this whole approach.
 
Yuriy Fuksenko
Ranch Hand
Posts: 413
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I just posted something that sounds simular to that here (look at he end of that thread):
http://www.coderanch.com/t/281041/JSP/java/Back-button-JSP
 
Sandep Chaturvedi
Ranch Hand
Posts: 49
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks. It sure is a good idea - but what if I want to store data which I dont want user to know about (he can grab it from the form if he knows its there)?
 
Yuriy Fuksenko
Ranch Hand
Posts: 413
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes,
He can grab it from a form, transform to byte array, create ByteArrayInputStream than use ZipInputStream and ObjectInputStream, read the object, than cast it to a HashMap and get this values
If you really conserned about this, you could encrypt a result string on a way to your page and decrypt it when you get it back.
 
Ruilin Yang
Ranch Hand
Posts: 150
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How about put all object into HttpSession object. This is what I do. It works fine.
??
 
Yuriy Fuksenko
Ranch Hand
Posts: 413
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
There are some disadvantages in using HttpSession :
1. You need to keep your page in sinc with session info. Back button could easly blow up you web app.
2. scalability. A lot of users with session information will eat memory on a server.
3. If user does in IE File-New-Window, or opens multiple instances of NS, this windows will share same session, so if you access same page from both of them you could get some unpredictable results.
I am not saying "don't use HttpSession". I am saing "there is an altrnatives" so, use it if you want, or use something else, if you like it better.
[ August 29, 2002: Message edited by: Yuriy Fuksenko ]
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!