www.codestyle.org

Servlet sessions FAQ

This FAQ is part of the Code Style Help and FAQ section. Use the help request form below if your question is not answered here, but make sure you are asking the right question first.

Subscribe to this FAQ:

Session management

Q: What is the use of sessions in servlets?

A: The servlet HttpSession interface is used to simulate the concept that a person's visit to a Web site is one continuous series of interactions. This is often the case, but the HTTP protocol is basically a request-response mechanism with no necessary connection between one request and the next.

More details available to subscribers:
What is the use of sessions in servlets?

Q: Are sessions created on the server side?

A: A servlet session is created and stored on the server side. The servlet container keeps track of all the sessions it manages and fulfils servlet API requests to get HttpSessions, manipulate object data stored with them and trigger event callbacks.

To the maintain the session, Web clients must pass back a valid session identifier as a cookie header value or dynamically generated URL parameter. In this sense, the session is also stored by the client, but only as a token reference.

Q: Can I create a session with GenericServlet?

A: There are no protocol-specific features in GenericServlet, which is an implementation of the basic, general purpose Servlet interface. Servlet-based sessions are designed only for interactions using the HTTP protocol, which has two key features necessary for a servlet container to simulate continuous user sessions: cookies and URL-based navigation, which supports URL-rewriting. The servlet API therefore places the HttpSession interface in the javax.servlet.http package, and session references are only available through classes in this package.

Q: How can I assemble data from multiple input forms?

A: First, it is best to use a single servlet to handle each form submission. A single servlet for all input would be too complicated. Give each servlet responsibility to validate a single form input, and pass the error cases on to JSP documents that explain the problem and allow users to amend the input.

More details available to subscribers:
How can I assemble data from multiple input forms?

Q: How do I clean up object references when a session ends?

A: In normal service conditions a servlet session may expire when the application user exceeds the maximum inactive time interval for the session, or the application calls the session's invalidate() method in response to a "log out" type request. In both cases, the session ID reference is invalidated so any further requests for the session will return null, then all the object references associated with the session are unbound and made available for garbage collection (if no other references remain).

More details available to subscribers:
How do I clean up object references when a session ends?

Q: How can I recover an expired session?

A: If a session has expired, it means a browser has made a new request that carries a session identifier, such as a cookie entry, for which the servlet container has no record. Servlet containers usually discard sessions after a standard time-out period, so they do not have to maintain sessions indefinitely. If the session has expired on the server side, there is no way to re-construct it, because no reference remains.

It is possible to request sessions live longer using the HttpSession setMaxInactiveInterval(int) method. Many servlet containers also support persistent sessions, which are stored between separate invocations of the container, but configuration details vary.

Cookie controls

Q: What are persistent cookies and pre-session cookies?

A: Cookies are relatively simple information stores that may be maintained by a Web browser using data sent in the response header from a Web server. There is no obligation for a Web browser to accept the cookie or maintain the information it is sent. Some people disable cookies in their browser settings and you should design your application with this possibility in mind.

More details available to subscribers:
What are persistent cookies and pre-session cookies?

Q: How do I disable a cookie?

A: The storage of cookies is controlled by their maximum age property. A positive value means the cookie should be stored for the given number of milliseconds from the present time. A negative value means the cookie should not be stored and will expire when the browser is shut down. To delete an existing cookie, call setMaxAge(0) before issuing the servlet response. Use the code below to delete all cookies for the current site, for example:

More details available to subscribers:
How do I disable a cookie?

Other data handling techniques

Q: How can I pass values between JSPs without using sessions?

A: There are four main alternatives to full session-based transfer of data values, two of them use features of the session tracking API: cookies and URL-rewriting, detailed below.

More details available to subscribers:
How can I pass values between JSPs without using sessions?

Help request

Use the form below to submit a help request or general enquiry about the Code Style Web site. Read our guidelines on asking the right questions first.

Name:
Email*:
Example URL:
Comments:
Do NOT put any URLs here
Join mailing list:	Yes, join the mailing list No
* Required fields

Your email address will not be mis-used. If you include your address you may be sent a personal reply, you will not be added to any mailing list unless you request it. Read the site privacy statement for details.

Navigation

• Home page
• CSS style guide
  • Font sampler
  • Media monitor
• Java & servlets
• Javascript & DOM
• HTML & XHTML
• Help and FAQs
• Site log

Site search

Home · CSS · Java · Javascript · HTML · Help · Log

Copyright © 2000-2008 Philip Shaw, all rights reserved, terms and conditions apply.
Valid XHTML and correct CSS. Last updated 14 June 2008 at 17:32:38 PM BST.
URI: http://www.codestyle.org.uk/java/servlets/faq-Sessions.shtml Metadata: RDF RSS 1.0