Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Joining a session...session and cookies.

 
Tyler Wright
Ranch Hand
Posts: 40
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi folks,

Can someone explain in more detail what "joining a session" means technically.

A client requests a resource from an Http server. The request actually goes to a servlet in which the following code exists
request.getSession();
getSession will return a session or if there is not one will create and return a new one.

On HttpSession there is a method isNew() which the documentation says:
Returns true if the client does not yet know about the session or if the client chooses not to join the session. For example, if the server used only cookie-based sessions, and the client had disabled the use of cookies, then a session would be new on each request.


Now, if cookies were allowed by the client brower would the server somehow know the cookie named (JSESSIONID) and use this to locate the persisted information about that user's session?

If the server persists this information, where would it store it...seems like over time storage space would runout.


Tyler
 
Dumitru Postoronca
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When a client joins a session, it means that the client sends back the session id to the server.

Simple case using cookies:
On first request, you create a session in the servlet and the container sends a cookie with the session id to the client. (session obj is stored on server, cookie is stored on the client).

When the client sends the second request, it also sends session id back (from the cookie). The container sees the session-id being passed back so it recognizes that this new request is from the same client, also the session will be marked as "not new" because the old session object will be reused.


Joining a session means sending the same id back (either by using cookies or URL-rewriting) for the server to recognize it.

To put it differently, when you send a invitation(cookie) to someone, you're not sure they're coming to your party. When they actually show up at the party(request #2), identifying themselves with the invitation(session) "id", one can say they actually joined the party.
 
Tyler Wright
Ranch Hand
Posts: 40
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Dumitru,

Very good explanation; that clears up my confusion.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic