storing data in session

I felt a bit weird when i came to know that it's not good to store much data into the session as attributes. I thought we are storing only references to those data in it and it is not going to affect our application in any means.

I read that it will hit the performance our web-app because each time when we access the session, the container has to process the entire data.

In my application i retrieve 100s of records, put them in the list, and put the list into the session object as an attribute. My thinking about this is, session just maintains a map of attributes - mapping the attribute name(key) with the reference of the object we put in. When we retrieve the list of data from the session it's just going to retrieve the refernce to that list. Is it going to make any difference , when we put a string object inside the session and putting in a list of large data into the session? Why people are suggesting to maintain the session data in DB Table instead inside the session? Is it not a performance hit to fetch from a DB?

Please help me understand the mystery behind it.
Thanks in Advance!

As per my understanding, the session data is stored in the server memory. So, storing huge data in server would consume server memory. So, only that user specific data which is needed frequently should be stored in session. Fetching data from DB is definitely a costly operation but that depends on the amount of data desired. If the data being fetched is huge one, it is worth making the DB transaction and store it in say some cache.Cache can be cleared based on some rules.
Session data will live in the server's memory as long as user session is active.

Looking forward to more thoughts on this.

Yes, the HttpSession object is basically a Map pairing session object names with session objects. However, that doesn't mean the session objects don't occupy RAM. They're still objects, whether you have them "directly" or not. And the amount of RAM (JVM heap space) that is tied up while a session is active is approximately equal to the average amount of RAM for one user's session times the number of active user sessions. Which means that if you have 1600 bytes worth of session data per user (and don't forget that there's maybe 20-30 bytes of system overhead per object), and 1000 users, you're chewing up 1.6 million bytes of RAM. The more users, and/or the more session storage, the harder it is to scale up.

Yes, accessing a session object directly can be much, much faster than pulling data from a file or database, but sometimes it's worth the performance hit just to be able to support more users. And when you are talking industrial-scale applications, it's not uncommon for the data persistency mechanism to maintain a cache of frequently-used (and possibly shared) objects, which can greatly reduce that overhead. The EJB mechanism, for example, allows you to collapse EJBs to "handles", which are very small, which your application code then requests the EJB manager to resolve back to the original EJBs, so that the only time you need to use the extra memory is while you are actually processing an HTTP request.

Note that servlet containers are allowed to serialize a session out to disk any time they feel like it. Thats why only references to Serializable objects should be stored in sessions.

Your application might run just fine with a small load but get mysterious errors with a larger one if you ignore this point.

Bill

William Brogden wrote:Note that servlet containers are allowed to serialize a session out to disk any time they feel like it. Thats why only references to Serializable objects should be stored in sessions.

Your application might run just fine with a small load but get mysterious errors with a larger one if you ignore this point.

Bill

Recent versions of Tomcat may refuse to set non-serializable objects as session objects. This also extends to non-serializeable sub-objects.

And whether it works or not, never store a Connection as a session object!