How web container differentiates the HttpSessions for different users?

Question

For every user request, unique session id will be created.

Example

If there are 10 users, 10 sessions are created.How does the web container knows,this particular session is used for user1 ... and so on.

this may help http://stackoverflow.com/questions/3106452/how-do-servlets-work-instantiation-shared-variables-and-multithreading — therealprashant, Aug 16 '16 at 10:45

score 1 · Answer 1 · answered Aug 16 '16 at 10:44

1

The most common way is using cookies. There is a cookie, usually named "JSESSIONID" which has the unique identifier of a session. When it is attached to requests, the server uses it to link the request to the proper user session on the server.

There are also other techniques, but I can't remember all of them. There was a possibility to serilialize the session and send it between the server and the client and other methods like this, but session cookies are the most common by far.

answered Aug 16 '16 at 10:44

Danail Alexiev

7,624
3
20
28

How does the data in the cookie look like? JSESSIONID is used to identify session.But how it will identify the user? – Anju Aug 16 '16 at 11:13
The cookie contains the unique identifier of the Session - usually a alphanumerical string. The container does not operate on a user level - just sessions. It's the developers job to add any authentication logic, linking a session and a application user. – Danail Alexiev Aug 16 '16 at 11:18
Unless the container is doing CMA - Containrer Managed Authentication, of course. – user207421 Aug 16 '16 at 12:28

score 0 · Answer 2 · answered Aug 16 '16 at 11:27

For every user request, unique session id will be created.

No. For every user a distinct session ID is created.

If there are 10 users, 10 sessions are created.

Exactly. You've just contradicted yourself. Each of those users can submitted multiple requests within the same session.

How does the web container knows,this particular session is used for user1..and so on.

Via a session ID communicated to the browser via a cookie, and returned to the server on subsequent requests via the same cookie or a JSESSIONID parameter in the URL.

score -1 · Answer 3 · edited Aug 17 '16 at 10:20

-1

A simple overview is :

When a user visits a website for the first time, the servlet container will create an HttpSession object and store it on the server.
This HttpSessionobject is tagged with some long unique Id (session.getId()).
Also, the server now sets a Cookie in the response header with JSessionID as the key and the long unique Id as the value.
When, the user makes another request, the browser passes on the cookie in each subsequent request (in the request Headers).
By this the servlet container identifies each session per user.

edited Aug 17 '16 at 10:20

user207421

305,947
44
307
483

answered Aug 16 '16 at 11:22

therealprashant

701
15
27

so, for each user the browser will see the cookie for SESSIONID to identify the users. – Anju Aug 17 '16 at 04:44
JSESSIONID...I am not sure if it's the same as SESSIONID TBH – therealprashant Aug 17 '16 at 05:34

How web container differentiates the HttpSessions for different users?

3 Answers3