HttpSession interface

The HttpSession object represents a user session. A user session contains information about the user across multiple HTTP requests.

When a user enters your site for the first time, the user is given a unique ID to identify his session by. This ID is typically stored in a cookie or in a request parameter.

Here is how you access the session object:

  • public HttpSession getSession():Returns the current session associated with this request, or if the request does not have a session, creates one.
  • public HttpSession getSession(boolean create):Returns the current HttpSession associated with this request or, if there is no current session and create is true, returns a new session.

protected void doPost(HttpServletRequest request,
    HttpServletResponse response)
        throws ServletException, IOException {

    HttpSession session = request.getSession();

You can store values in the session object, and retrieve them later. First, let’s see how you can store values in the session object:

session.setAttribute("userName", "theUserName");

To read the value again, you do this:

String userName = (String) session.getAttribute("userName");

Values stored in the session object are stored in the memory of the servlet container.

An object of HttpSession can be used to perform two tasks:

  1. bind objects
  2. view and manipulate information about a session, such as the session identifier, creation time, and last accessed time.
HttpSession interface

Commonly used methods of HttpSession interface

  1. public String getId(): Returns a string containing the unique identifier value.
  2. public long getCreationTime(): Returns the time when this session was created, measured in milliseconds since midnight January 1, 1970 GMT.
  3. public long getLastAccessedTime(): Returns the last time the client sent a request associated with this session, as the number of milliseconds since midnight January 1, 1970 GMT.
  4. public void invalidate(): Invalidates this session then unbinds any objects bound to it.

Sessions and Clusters

If you have an architecture with 2 web servers in a cluster, keep in mind that values stored in the session object of one server, may not be available in the session object on the other server. So, if a user’s requests are divided evenly between the two servers, sometimes session values may be missing.

The solution to this problem would be one of:

  1. Do not use session attributes.
  2. Use a session database, into which session attributes are written, and from which it is read.
  3. Use sticky session, where a user is always sent to the same server, throughout the whole session.

<<Previous <<   || Index ||   >>Next >>