HttpSession vs. Pseudo Session

Guys,

We are using servlet's HttpSession in our application. Just because of some of the drawbacks of HttpSession, I am looking for an alternative to HttpSession. Has anyone used/experienced pseudo session previously or has replaced HttpSession with any other alternative? Pseudo session is an efficient mechanisam especailly very scalable across multiple servers but I am seeking, if anyone has any experience to share.

Also, as a side note: In current application we have two browser windows (parent and child). Parent and child window both are completely different applications. Appication A invokes app. B as child window. Whenever user closes child window (by any means ALT+F4 or clicking browser "x" button) I need to clear the session of application B (child window). Currently I am working on dirty solution for this but does anyone have any better idea on doing this?

I guess you mean this Pseudo Session idea? You're trading memory for time since it will take longer to fetch these sessions from disk than from memory. You're also taking on the job of session continuity with the id on every URL. And this seemed to only store Strings (unless I didn't read to the end) so you give up storing arbitrary objects.

I'd insist on testing thoroughly to prove that you have a memory issue that makes "doing nothing" a bad choice, and that this will be acceptably fast. I'd also look to the container for solutions. Eg, is there an option to serialize sessions to database and take them out of memory?

If you decide you MUST get part or all of your session data out of memory, look into a database solution. Leave concurrency and transactions to the pros. A a shared database would work in a cluster where a user might hit one server on one request and another on the next.

Also, if you are finding HTTP Sessions restrictive, consider using EJB Session Beans.

As for the session log-out thing, you could use JavaScript - but you obviously can't rely on this, try a lower session timeout period... but really unless you are using some client side programming (Applet or JavaScript) you have no way to tell if the client has left (not that I know of!) because of the state-lessness nature of HTTP.

Session timeout probably isn't what you want, if you want the session to be invalidated immediately. Javascript is the only doable option I can think of - but you might not want to rely on the unload event since it can trigger when you might not want it to (like during a refresh.) You'd probably need a fast firing timer setting off a keep-alive message, and if the message isn't received within however many seconds, set off a request to invalidate the session.

-Yuriy