This discussion is archived
7 Replies Latest reply: Aug 3, 2012 4:01 AM by EJP RSS

How is session maintained in the application server

800839 Newbie
Currently Being Moderated
Hi,

How is session maintained in the application server, internally what happens when the user has logged in ? We create a session and store the user details which will be stored in the session object in the server with a unique sessionID which will be validated when the same user login the system again? But how exactly the session is maintained in the Server internally? Please clarify.

Thanks.
  • 1. Re: How is session maintained in the application server
    gimbal2 Guru
    Currently Being Moderated
    A question answered within 10 seconds if only you would have taken a little bit of time to think of the proper google search query. Or read a good book on servlets, like has been advised to you before.

    The answer is that the server sets a cookie holding the sessionID, which is transmitted back to the server with each request by the browser. This is how the server can know which session (which is just a Map held in memory) belongs to which client. The mechanism can be disabled if cookies are not allowed; an alternative is to use url-rewriting which embeds the sessionID in the URL.

    Now go read a good book. Here, this one is free:

    http://pdf.coreservlets.com/
  • 2. Re: How is session maintained in the application server
    800839 Newbie
    Currently Being Moderated
    Thanks gimbal, I have a doubt for the same user with same credentials login the site 2 twice will have 2 different session Ids? That is for exaample, the user is entering the site for the first time a the user details are stored in the session and a sessionId is created for the user. Which is set in the cookie of the server. When the same user as logout and entering again to the site whether a different session Id will be created or the one which is created earlier will be validated for the same user and see whether the entered user does have a sessionId , if so attach the sessionId created for the user before else create a new sessionId for the user and set it in the server cookie? Please clarify.
  • 3. Re: How is session maintained in the application server
    EJP Guru
    Currently Being Moderated
    The session is invalidated when it expires or the user logs out. If the user presents an invalid session ID a new one is created and he is required to login to it if the application so dictates.
  • 4. Re: How is session maintained in the application server
    800839 Newbie
    Currently Being Moderated
    Thanks EJP, for example the User1 has logged in for the first time we store the information in a Session object a jsessionId is created he has not logout. Now the same user is using another browser instance and logging again , in such case what happens? Since he is not loggedoff whether a new session Id will be created for the second time? or how the server will identify that the same user has logged in another browser instance for which he has not logged off in the first browser instance and based on that invalidate the first browser instance? Please clarify.
  • 5. Re: How is session maintained in the application server
    EJP Guru
    Currently Being Moderated
    Thanks EJP, for example the User1 has logged in for the first time we store the information in a Session object a jsessionId is created he has not logout.
    So the browser stores a cookie.
    Now the same user is using another browser instance and logging again , in such case what happens?
    The browser finds the cookie and sends it.
    Since he is not loggedoff whether a new session Id will be created for the second time?
    Not unless the application invalidates the session or it expires or the application creates a new one.
    how the server will identify that the same user has logged in another browser instance for which he has not logged off in the first browser instance and based on that invalidate the first browser instance?
    It won't. The server can't see browser instances. It can only see the cookies the browser sends.
  • 6. Re: How is session maintained in the application server
    gimbal2 Guru
    Currently Being Moderated
    EJP wrote:
    It won't. The server can't see browser instances. It can only see the cookies the browser sends.
    And hence all browser instances will share the same session - if you're 'logged in' in one, you're 'logged in' in in the other. Cookies are maintained per browser however, so you can have two different sessions in two different browsers (Firefox and IE for example).

    All things easily experimented with yourself.
  • 7. Re: How is session maintained in the application server
    EJP Guru
    Currently Being Moderated
    All things easily experimented with yourself.
    And none of it meriting three separate but more or less identical questions, and none of it having diddly squat to do with Java. Locking.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points