Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

cookie vs httpsesion object

 
Neeraj Vij
Ranch Hand
Posts: 315
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

which option is better in maintaing the sesion in a real time application.

cookies or session object ?

site will be having large no.of hits and will be deployed under a clustered environment.

thanks,
neeraj.
 
Cameron Wallace McKenzie
author and cow tipper
Saloon Keeper
Posts: 4968
1
Hibernate Spring Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well, an HttpSession is the server side component available in the Servlet and JSP API, and it's the one that pretty much every large site uses, so simply 'majority rules' would indicate the HttpSession.

But an HttpSession often uses a cookie on the client to plant an ID, so in most cases, they are part of the same solution, unless you are using URLRewriting.

Use the HttpSession. Don't mess around too much with cookies.

-Cameron McKenzie
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13071
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The only case in which I would even consider cookie(s) over a session would be if the "user state" to be preserved could be represented very compactly in short string(s) AND exposing the contents did not constitute a security problem. There are big limitations on how much cookies can store - search for rfc2965.

Bill
 
Neeraj Vij
Ranch Hand
Posts: 315
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,

Thanks for your inputs. If it is possible, please provide some more justification for using httpsession object over cookie.

thanks,
neeraj.
 
Cameron Wallace McKenzie
author and cow tipper
Saloon Keeper
Posts: 4968
1
Hibernate Spring Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why do I feel like I'm answering somebody's homework assignment?

Let's put it back on you. Why would you want to use a cookie, when the Servlet and JSP API provides you a much easier and reliable HttpSession?

-Cameron McKenzie
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic