This discussion is archived
1 Reply Latest reply: Jul 5, 2013 4:11 AM by masijade RSS

Where are Httpsession attributes stored, browser or server?

Zhang Zhongyi Newbie
Currently Being Moderated

I am wondering where the attributes I put into the Httpsession are stored.

 

For example, if I do the following

HttpSession session = request.getSession();

session.setAttribute("usr", usr);

session.setAttribute("pwd", pwd);

 

where does the ("pwd", pwd) pair store?

 

In my case, my web application needs to use the usr and pwd to login to another application, so I have to store them somewhere. So for security reason, if the pwd is kept in the browser side, I need to encrypt it first before I put it in the session. On the other hand if it is stored in the server memory then encryption seems not necessary. Anyone can give me some reference on this matter?

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points