This discussion is archived
4 Replies Latest reply: Dec 8, 2011 4:37 AM by gimbal2 RSS

Are sessions created even when user is not logged on ?

904094 Newbie
Currently Being Moderated
Hi,

Wanted to know if a session is created and maintained by the application servers even if the user hasn't logged into the application?

Most of the time I see that developers would like to get or set information into session implicit object only when the user is logged into the application, so I wanted to know if a session is at all created when user doesn't at all gets logged in.

Also wanted to know where should I check such information on..? Application server guide doesn't tell that..

Thanks,
Riha.
  • 1. Re: Are sessions created even when user is not logged on ?
    gimbal2 Guru
    Currently Being Moderated
    Define "login". Connected to the server or actually logged in through some authentication screen?

    A session is created whenever a client makes a request to the server, so it has nothing to do with any kind of login.
  • 2. Re: Are sessions created even when user is not logged on ?
    904094 Newbie
    Currently Being Moderated
    I meant "login" as logged in through some authentication screen.

    When you say that "A session is created whenever a client makes a request to the server, so it has nothing to do with any kind of login" do you mean that through the entire time user is on a same browser instance, going through different pages of the site, the session object would remain same? If that is so, how does the server keep a track such-many-anonymous-users on so many different browsers..?
    I know I have deviated somewhat on the original topic, but it would help me (& others who are new) to understand better! Thanks ! -- Riha.
  • 3. Re: Are sessions created even when user is not logged on ?
    EJP Guru
    Currently Being Moderated
    through the entire time user is on a same browser instance, going through different pages of the site, the session object would remain same?
    Yes.
    If that is so, how does the server keep a track such-many-anonymous-users on so many different browsers..?
    Via Session objects at the server and cookies exchanged with the browsers.
  • 4. Re: Are sessions created even when user is not logged on ?
    gimbal2 Guru
    Currently Being Moderated
    EJP wrote:
    Via Session objects at the server and cookies exchanged with the browsers.
    Exactly that; a cookie containing the jSessionID value. This cookie will live as long as the browser instance is alive (and multiple instances will share the same cookie, so when you open three firefox browsers at the same time, you'll have the same session in all three).

    Either that or you explicitly use URL rewriting to pass along the jSessionID value, should you have a client with tracking cookie paranoia.


    I sense a question about session durance coming: you either invalidate the session yourself on some sort of logout function, or it will be cleaned up after a timeout period by the server. Usually this is 20 minutes by default.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points