"Shekhar, Jayant" wrote:
>
> Hi All,
>
> I'm very new to cookies. How does one handle sessions using cookies. Say,
> someone logs in, and I send the browser a cookie. I keep this cookie into
> the servlet to uniquely identify the user.
No, you don't. Session identification is handled by the servlet container. You
don't generate the cookie, nor do you need to save it anywhere. If you don't
store any other information in a cookie, you don't need to create, store, send,
or manage the cookie. The servlet container creates and sends a cookie with the
session id to the client; the servlet container gets the cookie from the client
request and determines the correct session object as necessary. All you need to
do is call request.getSession(boolean). You can keep information about the
client in the session object.
> Now, what if the servlet goes
> down? All the sessions would be lost.
Maybe, maybe not. On the project I work, we use JRun. JRun will persist a
session even if a servlet is changed and the servlet class is reloaded. I would
expect that if a servlet goes down (what exactly do you mean by go down?) then
the session is still available. Now, if the server goes down or the servlet
container terminates, that's another story. Some servers can write the session
data to a persistent store if the server is shutdown. In the book Java Servlet
Programming the author claims that Java Web Server has this capability. I do not
know if JRun or other servlet containers have this ability. I would guess that
they do, but I don't know. So, you should be able to find a server where the
session is maintained even if the server terminates.
> Also, what if the browser accesses
> another servlet on my web site. How does this new servlet identify the user
> from the cookie?
>
> Seems like saving the cookie into the database would solve the problem. But
> will this not be a performance problem?
No need to save the cookie. When the client tries to access another servlet, the
servlet container will read the cookie from the request, get the session id from
the cookie, and provide the correct session to the other servlet. The servlet
'identifies' the client by getting the session. The session will be the correct
session for the client. Since the session id is handled by the servlet
container, you do not need to store the cookie or the session id.
KMukhar
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
