1 Reply Latest reply: Jul 5, 2013 6:11 AM by masijade RSS

    Where are Httpsession attributes stored, browser or server?

    Zhang Zhongyi

      I am wondering where the attributes I put into the Httpsession are stored.


      For example, if I do the following

      HttpSession session = request.getSession();

      session.setAttribute("usr", usr);

      session.setAttribute("pwd", pwd);


      where does the ("pwd", pwd) pair store?


      In my case, my web application needs to use the usr and pwd to login to another application, so I have to store them somewhere. So for security reason, if the pwd is kept in the browser side, I need to encrypt it first before I put it in the session. On the other hand if it is stored in the server memory then encryption seems not necessary. Anyone can give me some reference on this matter?