2

We are using Tomcat for our web application, and for session management we use HttpSession (javax.servlet.http.HttpSession).

This is how we set the session ID and a few user attributes in the HttpSession:

HttpSession session = request.getSession();
session.setAttribute("sessionIdNo", sessionIdNo);

This is how we get the session ID and the few user attributes we stored in the previous HTTP call:

HttpSession session = request.getSession();
session.getAttribute("sessionIdNo");

My question is:

  1. How is it possible that in the next HTTP call from the browser, we are able to get, on the server side, the session attribute that was set in the HttpSession in the previous HTTP call?

    NOTE: I didn't save it in cookies either, and I believe it's not sent from my browser. Does it have any connection to JSESSION_ID?

  2. If so, my second question is: how does this HTTP session management work in desktop applications, I mean without using a browser? I mean, how do I make use of JSESSION_ID here for session management?

  3. If not, what is the other way?

BalusC
Harry

1 Answer

2

HttpSession implies the usage of, well, HTTP. In your browser, the JSESSIONID cookie is used to reference the session. A user comes in the first time and they are assigned a new session id (request.getSession().getId()). This is put into the JSESSIONID cookie and sent back to the browser. On subsequent requests, the browser sends the cookie which tells Tomcat which session to use.

If you created a desktop application you may want to use a different mechanism. But Tomcat is, in part, an HTTP server and so that is the "normal" mechanism. A desktop application could still interact with Tomcat and web-based services but its UI would likely be rendered in, for example, Java Swing.

EDIT

You can watch sessions being created and destroyed with just a little code:

import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

// Registered automatically by the container because of @WebListener.
@WebListener
public class DemoSessionListener implements HttpSessionListener {

    // Called when the container creates a new session.
    @Override
    public void sessionCreated(HttpSessionEvent sessionEvent) {
        System.out.println("session \"" + sessionEvent.getSession().getId() +
                           "\" created");
    }

    // Called when a session is invalidated or times out.
    @Override
    public void sessionDestroyed(HttpSessionEvent sessionEvent) {
        System.out.println("session \"" + sessionEvent.getSession().getId() +
                           "\" destroyed");
    }
}
stdunbar
  • If I run the HTTP call using the curl command, it is still able to use the same HttpSession in the next call. How is it possible? How does my HttpSession use the same session in the next call? I didn't pass any input field in the cookies either. – Harry May 20 '16 at 03:16
  • How are you sure it's the same session? It looks like curl doesn't turn on cookies by default so that doesn't sound right. – stdunbar May 20 '16 at 19:52
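
The cookie exchange described in the answer, seen from a non-browser client, as an added example that is not part of the original answer or comments. The embedded `com.sun.net.httpserver` server is a constructed stand-in for Tomcat, the class name and the attribute value `42` are assumptions, and it needs Java 11 or later.

```java
import com.sun.net.httpserver.HttpServer;
import java.math.BigInteger;
import java.net.*;
import java.net.http.*;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class SessionCookieDemo {
    // Stand-in for the container's session table: session id -> stored attribute.
    static final Map<String, String> SESSIONS = new ConcurrentHashMap<>();
    static final SecureRandom RNG = new SecureRandom();

    public static void main(String[] args) throws Exception {
        // Constructed local server playing Tomcat's role (port 0 = any free port).
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/", ex -> {
            String cookie = ex.getRequestHeaders().getFirst("Cookie");
            String id = cookie != null && cookie.startsWith("JSESSIONID=")
                    ? cookie.substring("JSESSIONID=".length()) : null;
            String body;
            if (id != null && SESSIONS.containsKey(id)) {
                // Known id: the attribute is read from server memory, not from the client.
                body = "existing session, sessionIdNo=" + SESSIONS.get(id);
            } else {
                // No or unknown id: mint an unpredictable one and hand it out as a cookie.
                id = new BigInteger(128, RNG).toString(16);
                SESSIONS.put(id, "42"); // constructed attribute value
                ex.getResponseHeaders().add("Set-Cookie", "JSESSIONID=" + id + "; Path=/; HttpOnly");
                body = "new session created";
            }
            byte[] out = body.getBytes();
            ex.sendResponseHeaders(200, out.length);
            ex.getResponseBody().write(out);
            ex.close();
        });
        server.start();
        URI uri = URI.create("http://127.0.0.1:" + server.getAddress().getPort() + "/");
        HttpRequest req = HttpRequest.newBuilder(uri).build();
        // Desktop client with a cookie jar vs. one without (neither is a browser).
        HttpClient withJar = HttpClient.newBuilder().cookieHandler(new CookieManager()).build();
        HttpClient noJar = HttpClient.newHttpClient();
        for (int call = 1; call <= 2; call++) {
            System.out.println("jar " + call + ": " + withJar.send(req, HttpResponse.BodyHandlers.ofString()).body());
            System.out.println("none " + call + ": " + noJar.send(req, HttpResponse.BodyHandlers.ofString()).body());
        }
        server.stop(0);
    }
}
```

The client built with a `CookieManager` gets its attribute back on the second call, while the client without one is handed a fresh session on every call. Because the id is the only thing tying the client to its server-side state, it has to be unpredictable and kept out of page scripts, hence the `SecureRandom` source and the `HttpOnly` flag.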