It is stored in the session object that exists on the web
server.
Yes you can store critical data in setAttribute, this is
common.
Nico
> Something just occured to me, when you store something in
a HttpSession, =
> where does it go ?
>
> Like if i put session.setAttribute
("username",theUserName); where is the =
> data stored ? on the server ? on the client ? in the
browser cache ?
> If it is stored in the browser, can it be accessed in
someway ?
>
> I'd like to know for sure if sensitive info can be stored
in a =
> HttpSession, like if a user is logged in or not. I figure
if it is =
> stored like a Cookie, you could open if with notepad and
modify it, =
> couldn't you ?
>
> Well, thanks in advance, AD.
>
>
____________________________________________________________
_______________
> To unsubscribe, send email to [EMAIL PROTECTED] and
include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-
interest.html
> Resources: http://java.sun.com/products/servlet/external-
resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
