Think of Sessions as a Local Cache
Servlet
sessions as implemented by
HttpSession
provide a simple and convenient mechanism to store information about
a user. While sessions are a useful tool, it’s
important to know their limitations. They are not a good choice for
acting as the back-end storage in real-world applications, no matter
how tempting it might be to try it. Rather, sessions are best thought
of as a handy local cache—a place to store information which,
if lost, can be recovered or safely ignored.
To understand why this is, we should quickly review how sessions
work. Sessions generally use cookies to identify users. During a
client’s first request to a server, the server sets
a special cookie on the client that holds a server-generated unique
ID. On a later request the server can use the cookie to recognize the
request as coming from the same client. The server holds a
server-side hashtable that associates the cookie ID keys with
HttpSession object values. When a servlet calls
request.getSession( )
,
the server gets the cookie ID, looks up the appropriate
HttpSession, and returns it. To keep memory in
check, after some period of inactivity (typically 30 minutes) or on
programmer request, the session expires and the stored data is
garbage-collected.
Session data is inherently transient and fragile. Session data will be lost when a session expires, when a client shuts down the browser,[4] when a client changes browsers, when a client changes machines, or when a servlet ...
Get Java Enterprise Best Practices now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
