Stack Overflow
Stack Overflow

Questions tagged [httpsession]

An Java interface used by the servlet container to create a session between an HTTP client and an HTTP server.

An Java interface used by the servlet container to create a session between an HTTP client and an HTTP server. The session object has an expiration time which allows the container to invalidate the session after that specified time of the user inactivity. It is active while the user making requests, across more than one connection or page and remains active after the user exit application and stay active until it's expired. The server persists the session object for the user between restarts. While it's valid the session interface allows the application to bind objects to it and access then from different requests of the same user. A session usually corresponds to one user, who may visit a site many times. The server can maintain a session in many ways such as using cookies or rewriting URLs.

Details from the API docs:

Tutorials:

655 questions
9
votes
1 answer

HTTP Session in Load Balancer

We have two servers for load balancing. Sometimes we get an invalid session after successful login into our application and the user session is expired even though the session timeout is configured as 30 minutes. We are not sure whether the…
Premanand K
  • 632
  • 8
  • 18
8
votes
2 answers

Can JavaScript read HTTP Session object?

Is it possible to read the value of a dynamic variable like httpRequest.getSession("attr_name") from within a JavaScript?
fmjaguar3
  • 300
  • 1
  • 4
  • 9
8
votes
3 answers

how to implement custom http session in java?

I will need to implement my own version of HttpSession in Java. I have found very little information which explains how achieve such a feat. I guess my problem is - how do I override the existing HttpSession no matter the application server's…
plymouth5
  • 89
  • 1
  • 1
  • 2
8
votes
3 answers

What prevents HttpSession's id from being stolen?

In the Java Servlet API, what is done to ensure that someone's session id is not stolen? For example, if I had an active session and someone somehow get a hold of my session id, could they use it?
Brian DiCasa
  • 9,369
  • 18
  • 65
  • 97
8
votes
2 answers

HTTP request from a browser upon a session timeout

I have UI that is served by two HTTP servers. Therefore I need to clean the HTTP session from both servers. It is simple for the logout use case but not clear for me how to do it for the session timeout use case. The notification on the server side…
Michael
  • 10,063
  • 18
  • 65
  • 104
8
votes
2 answers

JSF - Session-scoped managed bean does not have dependencies re-injected on session deserialization

I'm not sure if what I'm doing is wrong, or if I just missed an annotation or configuration item somewhere. Here's the situation: I have a JSF application with a session-scoped bean named SessionData. This bean has an application-scoped bean…
Jim Tough
  • 14,843
  • 23
  • 75
  • 96
8
votes
2 answers

HTTPSession variable limit

What is the maximum limit (i.e. size) of data that a HTTPSession variable can hold? What will happen if this exceeds? And most importantly, what is the alternative approach to have the data throughout the session if the size exceeds the maximum size…
user182944
  • 7,897
  • 33
  • 108
  • 174
8
votes
4 answers

Authentication on Google App Engine (web page)

I would like to require the user to use a login/password when accessing some parts of my GAE (Google App Engine) application. I want to limit the access to the set of predefined users, e.g. on the page, where new data can be uploaded to the…
STeN
  • 6,262
  • 22
  • 80
  • 125
7
votes
1 answer

Where is the HttpSession data stored?

HttpSession is a high level interface built on top of cookies and url-rewriting, which means that there is only a session ID is stored in client side and the data associated with it is stored in server side. Where is the HttpSession data actually…
cn1h
  • 1,188
  • 4
  • 16
  • 24
7
votes
2 answers

In grails, how do I get a reference to all current sessions?

I'd like to list all current sessions in an Admin Controller in grails. What's the easiest way to get a reference to e.g. a Collection of sessions from the controller?
Jörg Brenninkmeyer
  • 3,304
  • 2
  • 35
  • 50
7
votes
2 answers

Shiro: Cannot invalidate HttpSession

I have a Shiro session (id=11111) and a http session (id=22222). When I try to invalidate the HttpSession, the wrong id is used. Code: public void logout() { SecurityUtils.getSubject().logout(); // exception is thrown in this…
sinclair
  • 2,812
  • 4
  • 24
  • 53
7
votes
3 answers

Access session of another web application

Is it possible to configure two separate web apps (WAR) in a J2EE application (EAR) to access a shared session context? Further info: I ended up creating a shared class from the EAR which stored the required information in static members. This did…
Michael Terrington
7
votes
2 answers

How is HttpSession implemented?

I just finished taking a final exam on web applications. Capping off what had been a rather easy (albeit lengthy - 12 pages) exam was a question asking us to code an implementation of sessions, similar to that done by javax.http.HttpSession. I hate…
Magsol
  • 4,640
  • 11
  • 46
  • 68
6
votes
3 answers

Is Spring session scoped bean saved in HttpSession?

Since I don't have in depth knowledge of spring session scope implementation. Can anyone please tell me if it is wise to use Spring Session scoped beans, where HttpSession object is very crucial. Like a web application where thousands of users…
Aniruddha Jagtap
  • 383
  • 5
  • 16
6
votes
3 answers

Why do I need an HttpSession to get the ServletContext?

In the Java Servlet API, the only way to get the ServletContext is through an instance of HttpSession (Javadoc). What if I don't want to create a session and only need the servlet context? In other words, why is there no getServletContext() method…
Laurent Pireyn
  • 6,735
  • 1
  • 29
  • 39
1 2
3
43 44