Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

HttpSession, session ID, cookie, jsession ID, confusions and confirmations..

 
Abimaran Kugathasan
Ranch Hand
Posts: 2066
Clojure IntelliJ IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I know, HttpSession is an object to track the users/clients. The contained automatically give a Session object, if we need. It generates a sessionID along with that session object to identify the clients. How does this sessionID generated? Is it server vendor specific? What about jsessionID? And cookie is there to identify the user's details for the developers, because, container will identify the user/clients with their sessionID? correct? And other purpose of the cookies is to save the clients current settings? Could you guys give me a details about these? I've confused this with various web sites.

Thanks.
 
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper
Pie
Posts: 2536
113
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Abimaran,

It generates a sessionID along with that session object to identify the clients. How does this sessionID generated?

It is just a random number, but unique for that particulair JVM (and vendor specific)

You can have session management either by cookies or by URL rewriting (or other possibilities like hidden fields, HTTPS)
  • Cookie: uses the name JSESSIONID
  • URL rewriting: uses the name jsessionid

  • So depending on what session management you are using the unique number is either sent by a cookie or through a URL the user is clicking on.

    Regards,
    Frits
     
    Abimaran Kugathasan
    Ranch Hand
    Posts: 2066
    Clojure IntelliJ IDE Linux
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Frits Walraven wrote:
    It is just a random number, but unique for that particulair JVM (and vendor specific)


    Then, if we use a distributed web application for load balancing, there might be a situation, where two client can have same sessionID according to yout information. What to do?
     
    Frits Walraven
    Creator of Enthuware JWS+ V6
    Saloon Keeper
    Pie
    Posts: 2536
    113
    Android Chrome Eclipse IDE
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    where two client can have same sessionID according to yout information. What to do?

    When you have a distributed web-app: there is still only one Session(-object) per session.
    So if we distribute it over two JVM's, the request is either handled by this JVM or handled by the other, but only after the Session-object has migrated to the other JVM. On that JVM it will probably get another (unique) Id,

    Regards,
    Frits
     
    • Post Reply
    • Bookmark Topic Watch Topic
    • New Topic