This week's book giveaway is in the OCAJP forum.
We're giving away four copies of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) and have Khalid A Mughal & Rolf W Rasmussen on-line!
See this thread for details.
Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Difference between Cookies and Session in servlets

 
Sumit Neets
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am preparing for SCWCD and reading the HFSJ book.

I am on topic of Session managament, But i got confused between the cookies and session.

Could anyone please explain me the differnce between these 2 in detail ?


Thanks,
Sumit
 
Sebastian Janisch
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Cookies are little text files that are stored on the client side. Their sole purpose is to send subsequent information to the server.

In correlation with sessions, cookies are one way of achieving session tracking (the other is url rewriting).

Upon session startup, the server tells the client to create a cookie and store a unique ID in it, that the client has to send with every request that goes to the server. The server uses this ID to identify the session the request belongs to.

So, to sum it all up, "Cookies are a way to enable session tracking"
 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Java Windows XP
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sebastian Janisch wrote:
In correlation with sessions, cookies are one way of achieving session tracking (the other is url rewriting).


another way is hidden field .

cookie is created on server and stored on client

 
Sumit Neets
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks a lot .....
 
Hong Anderson
Ranch Hand
Posts: 1936
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
seetharaman venkatasamy wrote:
Sebastian Janisch wrote:
In correlation with sessions, cookies are one way of achieving session tracking (the other is url rewriting).


another way is hidden field .

Using hidden fields is a way to pass state to another page, but not a way to implement session tracking.
 
Sebastian Janisch
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Kengkaj Sathianpantarit wrote:
seetharaman venkatasamy wrote:
Sebastian Janisch wrote:
In correlation with sessions, cookies are one way of achieving session tracking (the other is url rewriting).


another way is hidden field .

Using hidden fields is a way to pass state to another page, but not a way to implement session tracking.


I think there is a way to embed the session id in a hidden field in a login form for instance.
 
Hong Anderson
Ranch Hand
Posts: 1936
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sebastian Janisch wrote:
Kengkaj Sathianpantarit wrote:
seetharaman venkatasamy wrote:
Sebastian Janisch wrote:
In correlation with sessions, cookies are one way of achieving session tracking (the other is url rewriting).


another way is hidden field .

Using hidden fields is a way to pass state to another page, but not a way to implement session tracking.


I think there is a way to embed the session id in a hidden field in a login form for instance.

It is possible but it's not a standard way. We have to implement that in both server-side (like set session id to a request attribute) and client-side (read session id and set to a hidden field, and the client also needs to pass the session id to every link). Furthermore, we have to pass that session id as a hidden field across all pages.
 
prashant k. gupta
Ranch Hand
Posts: 62
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Upon session startup, the server tells the client to create a cookie and store a unique ID in it, that the client has to send with every request that goes to the server. The server uses this ID to identify the session the request belongs to.



I am not sure whether client used to create session. i guess server will create session and attach sessionId to the response which can be send by client while making further request.

Correct me if i am wrong.
 
Hong Anderson
Ranch Hand
Posts: 1936
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The server creates session, the client creates a cookie which contains the session id.
 
priya rishi
Ranch Hand
Posts: 119
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Kengkaj Sathianpantarit wrote:
The server creates session, the client creates a cookie which contains the session id.



I dont think , the client creates a cookie.

Server creates the cookie (name , value) pair.


sends the cookie in response

and then the client stores it.

From then on, everytime client sends the request to this web server , cookie is sent with the request (request header), from which the server identifies the user.(This happens until the cookie expires or the user deletes the cookie)

Correct me , if i am wrong.
 
Hong Anderson
Ranch Hand
Posts: 1936
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm sorry, you're right. The server creates and sends cookie to the client, and the client stores it and sends to the server.
 
Sumit Neets
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It means Cookie is one type of establishing session and it is part of session.

Session can be created with the 2 methods :--

(1) Through Cookies.
(2) Through URLrewriting.

For Cookie method client also have to enable cookies on internet explorer--> Tools --> Privacy.


Please correct me if i am wrong.

Thanks a lot to all of you.......
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic