Well, I just say to myself: request scoped data should be kept in the request scope only and session scoped data should be kept in the session scope only. Fairly obvious. Storing request scoped data in the session scope has a fairly negative impact on the user experience. Think about what would happen if the user opens the same site in a new browser window or a new tab and navigate through both?
sudheshna Iyer wrote:I guess this is the most common question. What is the better way to carry the form variables back to
servlet and finally store in DB?
Do you prefer hidden variables Vs session variables? I am using JSP,Spring and Hibernate.
Are you using Hidden variables/session attributes, for session tracking? If yes, I would say, session attributes should work. Hidden Variables may act as security holes as they can be manipulated by doing a 'View Source' on the html.
Session scoped data is to be stored in the session scope.
Request scoped data is to be stored in the request scope.
That´s all. Security is no issue here. Request scoped data is always to be controlled by the client, simply because it is the only one who fires requests. If you really have a hard head in, then you can just make use of preshared keys.
vinoth thirunavukarasu wrote:We created session for session tracking. It can't be view by any one. But we can view hidden variables by using viewsource and this value can be get through request scope.
Uh yes, I understand you, but you apparently didn´t understand me. Still, "session tracking" is a big word. Also, you normally don´t create the session yourself, this is normally to be done by the application server. You just use HttpSession#get/setAttribute() to handle stuff in the session scope (note: this is NOT the same as session tracking what most of you seem to think, that is normally already done for you by the application server).