tags:

views:

269

answers:

4
+2  Q: 

What is session management in Java ?

I have faced this question in my Interview as well. I do have many confusion with Session Scope & it management in java.

In web.xml we do have the entry :

<session-config>
        <session-timeout>
            30
        </session-timeout>
</session-config>

What does it indicate actually ? Is it scope of whole project ?

Another point confusing me is how can we separate the session scope of multiple request in the same project? Means if I am logging in from a PC & at the same time I am logging in from another PC, does it differentiate it ?

Also, another confusing thing is the browser difference. Why does the different Gmails possible to open in different browsers ? And Gmail can prevent a session from Login to Logout. How is it maintained with our personal web ?

A: 

Servlets in Java have an HttpSession object which you can use to store state information for a user. The session is managed on the client by a cookie (JSESSIONID) or can be done using URL rewrites. The session timeout describes how long the server will wait after the last request before deleting the state information stored in a HttpSession.

The scope is per browser instance, so in the example you give logging in from two different pcs will result in two session objects.

Dean Povey  2010-06-18 05:31:22
+2  A: 

What does it indicate actually ?

The lifetime of a session. The session expires if there is no transaction between the client and the server for 30 minutes (per the code segment)

Is is scope of whole project ?

It has application scope. Defined for each web application

Another point confusing me is how can we separate the session scope of multiple request in the same project? Means if I am logging in from a PC & at the same time I am logging in from another PC, does it differentiate it ?

Yes. The session ids (JSESSIONID for Apache Tomcat) will be different.

Also, another confusing thing is the browser difference. Why does the different Gmails possible to open in different browsers ?

Each login by the same user from a different browser is a different session altogether. And the cookies set in one browser will not affect in another. So different Gmail instances are possible in different browsers.

And Gmail can prevent a session from Login to Logout. How is it maintained with our personal web ?

Persistent cookies

bdhar  2010-06-18 05:33:53
+4  A: 

Session management is not something limited to Java and servlets. Here's roughly how it happens:

  1. The HTTP protocol is stateless, so the server and the browser should have a way of storing the identity of the user through multiple requests
  2. The browsers sends the first request to the server

  3. The server checks whether the browser has identified with the session cookie (see below)

    3.1. if the server doesn't 'know' the client:

    • the server creates a new unique identifier, and puts it in a Map (roughly), as a key, whose value is the newly created Session. It also sends a cookie response containing the unique identifier.

    • the browser stores the session cookie (with lifetime = the lifetime of the browser instance), containing the unique identifier, and uses it for each subsequent request to identify itself uniquely.

    3.2. if the server already knows the client - the server obtains the Session corresponding to the passed unique identifier found in the session cookie

Now onto some the questions you have:

  • the session timeout is the time to live for each session map entry without being accessed. In other words, if a client does not send a request for 30 minutes (from your example), the session map will drop this entry, and even if the client identifies itself with the unique key in the session cookie, no data will be present on the server.

  • different gmails (and whatever site) can be opened in different browsers because the session cookie is per-browser. I.e. each browser identifies itself uniquely by either not sending the unique session id, or by sending one the server has generated for it.

  • logging from different PCs is the same actually - you don't share a session id

  • logging-out is actually removing the entry for the session id on the server.

Note: the unique session id can alternatively be stored:

  • in a cookie
  • in the URL (http://site.com/page;JSESSIONID=435342342)
  • 2 or 3 other ways that I don't recall and aren't of interest
Bozho  2010-06-18 05:39:31
A: 

if you open the same application in different window i mean multiple instance of a browser it will create different session for every instance.

Lalchand  2010-06-18 15:50:36

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java