Forum Stats

  • 3,855,690 Users
  • 2,264,543 Discussions
  • 7,906,138 Comments

Discussions

Are sessions created even when user is not logged on ?

904094
904094 Member Posts: 11
edited Dec 8, 2011 7:37AM in Java Servlet
Hi,

Wanted to know if a session is created and maintained by the application servers even if the user hasn't logged into the application?

Most of the time I see that developers would like to get or set information into session implicit object only when the user is logged into the application, so I wanted to know if a session is at all created when user doesn't at all gets logged in.

Also wanted to know where should I check such information on..? Application server guide doesn't tell that..

Thanks,
Riha.

Answers

  • gimbal2
    gimbal2 Member Posts: 11,949 Gold Trophy
    edited Dec 7, 2011 10:54AM
    Define "login". Connected to the server or actually logged in through some authentication screen?

    A session is created whenever a client makes a request to the server, so it has nothing to do with any kind of login.
  • 904094
    904094 Member Posts: 11
    I meant "login" as logged in through some authentication screen.

    When you say that "A session is created whenever a client makes a request to the server, so it has nothing to do with any kind of login" do you mean that through the entire time user is on a same browser instance, going through different pages of the site, the session object would remain same? If that is so, how does the server keep a track such-many-anonymous-users on so many different browsers..?
    I know I have deviated somewhat on the original topic, but it would help me (& others who are new) to understand better! Thanks ! -- Riha.
  • EJP
    EJP Member Posts: 32,920 Gold Crown
    through the entire time user is on a same browser instance, going through different pages of the site, the session object would remain same?
    Yes.
    If that is so, how does the server keep a track such-many-anonymous-users on so many different browsers..?
    Via Session objects at the server and cookies exchanged with the browsers.
  • gimbal2
    gimbal2 Member Posts: 11,949 Gold Trophy
    edited Dec 8, 2011 7:37AM
    EJP wrote:
    Via Session objects at the server and cookies exchanged with the browsers.
    Exactly that; a cookie containing the jSessionID value. This cookie will live as long as the browser instance is alive (and multiple instances will share the same cookie, so when you open three firefox browsers at the same time, you'll have the same session in all three).

    Either that or you explicitly use URL rewriting to pass along the jSessionID value, should you have a client with tracking cookie paranoia.


    I sense a question about session durance coming: you either invalidate the session yourself on some sort of logout function, or it will be cleaned up after a timeout period by the server. Usually this is 20 minutes by default.
This discussion has been closed.