what is session ?

Can Some one explain what session means servlet?
When it starts and when it ends ? or
When the session id is created and destroyed ?

"I think, the session or the session id will be the same,
as long as you send the request to the servlet from the same browser instance", Am I correct ?

thanks
siva

[ February 03, 2006: Message edited by: Siva kandasamy ]

[ February 03, 2006: Message edited by: Siva kandasamy ]
[ February 04, 2006: Message edited by: Siva kandasamy ]

Hi,

First of all let me tell you why the session is needed. HTTP is a stateless protocol. So, it can't be used to store a state. Session tracking is the answer for that. Now, there are two techniques of session tracking. One is Cookies and the other is by the mean of HttpSession. The second one is widely used which you can say kind of new concept of storing a state of a user session.

Whenever a client sends a request to the server for the first time, a new session instance is created. Here, client means a new instance of a browser. If you've already requested and you're opening a new browser, it'd create a new session object for that browser. Or, if you press ctrl + n to the existing window, a new session would not be created as it was initiated from the previous browser. Now, whatever data being stored by the mean of session, is kept on the server. More preciously, the servlet container maintains a kind of hashmap where the key would be a session id and the value would be an HttpSession object. No need to tell that each id is associated with each "new instanced" browser. Now again there are two techniques of storing this id. First by cookie AND by URL re-writting or hidden elements.

A session id is maintained to retrive session information lied on the server. Everytime, whenever the client request for any resource, along with the request parameters, the session id is being passed as an extra parameter. So, on the server end, the object against that id is being searched from that hashmap and that object is returned if any operation is being made on that session.

An HttpSession object stored on the server is invalidated after a session timeout time. On tomcat, session timeout is 30 mins. So, say if a session is not being accessed, rather from the same browser, for 30 mins, any request has not come, the session would be destroyed. To destroy an HttpSession programatically, invalidate() method can be used.

I hope this would help . There are a lot material available on session. You can search on the web and have a more clear idea.