HttpSession vs. Pseudo Session

Guys,

We are using servlet's HttpSession in our application. Just because of some of the drawbacks of HttpSession, I am looking for an alternative to HttpSession. Has anyone used/experienced pseudo session previously or has replaced HttpSession with any other alternative? Pseudo session is an efficient mechanisam especailly very scalable across multiple servers but I am seeking, if anyone has any experience to share.

Also, as a side note: In current application we have two browser windows (parent and child). Parent and child window both are completely different applications. Appication A invokes app. B as child window. Whenever user closes child window (by any means ALT+F4 or clicking browser "x" button) I need to clear the session of application B (child window). Currently I am working on dirty solution for this but does anyone have any better idea on doing this?

Sounds like a maintanence nightmare having the dual window apps. But if the child window (app B) is closed and it is separate from app A, then closing the child will kill the child's session automatically (as you say you want to happen). Did you really mean that closing A would kill B's session or that closing B would kill A's session?

What are the drawbacks of HttpSession that you are dealing with? I've had pretty good luck wrapping HttpSession from a filter.

What drawbacks of HttpSession are you referring to? Session management in JEE webapps is meant to be handled via the Servlet API and HttpSession, so I'd be curious as to why someone might feel the need to do otherwise.

Marc: Application A is a parent window, B is child (which is opened using javascript window.open function. Killing window B doesn't clear session of B. I looked into onUnload html function to call a javascript to call jsp to invalidate session. Problem with onUnload is: it gets called every time you leave a page (go to next page). how do I circumvent ? I am less experienced in javascript.

Jason: Disadvantages of using session.
1)Session objects are stored in memory and consume significant resources.
2)Session tracking relies on cookies. Some users turn off cookies for various reasons, especially for security reasons.
3)Session tracking uses session identifiers that are created by the server. 4)In situations where many Web servers and many JVMs are used, the session tracking simply does not work because servers do not always understand each other's session identifiers

This should handle your problem with unLoad...

<script> function shutDown() { window.open('<html:rewrite page="/shutdown.do"/>', 'shutdown', 'width=200,height=200'); } </script> <body onLood="closing=true" onUnlood="if (closing) shutDown()"> <html:link page="/someAction.do" onclack="closing=false">Some Link</html:link>

When the page is loaded the variable closing is set to true. The body onUnload attribute calls the javascript function shutDown if closing is true. Each link's onclick attribute sets closing to false, keeping the shutdown() function from being called when a link is clicked.

The javascript shutdown() function opens a new window that points to shutdown.do. shutdown.do points to the action invalidating the session, and upon completion forwards to shutdown.jsp, which simply closes itself.

shutdown.jsp
<html> <head> <title> Logging Off Application </title> </head> <body onLood="self.close()"> </body> </html>

Had some trouble getting this to post due to UBB filters, so replace "Lood" in onLood and onUnlood with "Load", and replace "onClack" with "onClick". :roll:
[ August 17, 2005: Message edited by: Jason Menard ]

Originally posted by Vicky Pandya:
Jason: Disadvantages of using session.
1)Session objects are stored in memory and consume significant resources.
2)Session tracking relies on cookies. Some users turn off cookies for various reasons, especially for security reasons.
3)Session tracking uses session identifiers that are created by the server. 4)In situations where many Web servers and many JVMs are used, the session tracking simply does not work because servers do not always understand each other's session identifiers

I think you may be a bit too concerned with sessions taking up too much room in memory. Too many times someone reads an article that gives them the idea that sessions are evil and that is far from the truth. There are very few applications that would have better performance without sessions.

If it is an internal app, the number of users should not be all that many and so the session space is minimal. Also, an internal app can require cookies.

If it is an external app, much can still be done to manage session data properly without throwing the concept of sessions completely out the window. Also, URL rewriting can easily take the place of cookies to maintain session support.

Some data will have to be stored somewhere. If it is not in session, you will need to propagate it from page to page, which uses more bandwidth because that data has to be sent client-server/server-client with every request. You should try to find the right balance between bandwidth and memory to have optimal performance and maintainability.

Jason:- That did work. Thanks a lot.