Http Session Management / Alternative Session Management (in Java)
I've figured this out, so I'll share my input.
When doing Http Session Management (especially with Servlets), one has to make sure that the client-side session management also exists.
What happens is that when a session is created, the servlet returns a cookie with JSESSIONID
value of the Session created by the servlet container. Make sure that the client side is able to store the session and use it everytime you need to access your session data from the server.
I wasn't storing the cookie from my side, so it seemed like the session were never created.
Hope this helps someone else.
what method is used by httpSession for session management in Java
According to the servlet 2.4 specification:
Session tracking through HTTP cookies is the most used session
tracking mechanism and is required to be supported by all servlet
containers... To fulfill this requirement, Web containers commonly
support the URL rewriting mechanism.
session management in server application
1>should i maintain session in server application?if yes how?
Web-services are stateless
means server does not store any state about the client session on the server side.You should manage the session on the client side, other wise you will end-up handling an heavy load of sessions on the server side and I am sure you don't want to do that.
2>should i do any validation in server side?
If by validation you mean data integrity, I think you will have to do it for the favor of data integrity and your application well being.
3>To validate user while login should i use spring security for that
or just comparing username and password in database is enough?
You can do both, using spring security is a good choice , and you will have to configure or build your own AuthentificationManager
which will compare credentials withe those stored in the database
4>when user doesnot interact with server for particular time there
should be session timeout ,should this be implemented in sserver
application or client side?
You can set a session timeout , and this should be implemented on the client-side.
How to manage a User Session on a AWS server?
There are two main approaches to dealing with session state when you have multiple app servers that can handle requests:
Have your load balancer implement "sticky" sessions. Here, the load balancer sends all requests from the same client to the same app server. The session is maintained locally there and everything works as if there were only one app server. When an app server goes down, all sessions that were sticky to that server are lost.
Have a common session store that is available to all app servers. When an app server receives a request, it grabs the session state from the session store and when it is done modifying the session state for that request, it writes it back to the store. The session store might be a shared database or perhaps an in-memory cache that is accessed remotely by all app servers. If an app server goes down, no sessions are lost. However, there is additional overhead on each request to read/write the session across the network.
To decide which approach to use, you will need to consider the importance of not having sessions be killed when you lose a server, session state size, etc. In my opinion, a common session store is nearly always desirable as it is operationally much easier to handle - you can always whack a server whenever you want to without killing sessions.
I will not speculate on possible choices for products available to support the implementation, as that would be purely opinion-based and off-topic for this site. Suffice to say that there are lots of good options - the particular choice that will be right for you will depend on your specific requirements and expertise.
Related Topics
Generating a Random Number Between 1 and 10 Java
How to See the Source Code of the Sun Jdk
Calling Virtual Method in Base Class Constructor
How to Get the Current Date and Time of Your Timezone in Java
Can't a Swing Component Be Added to Multiple Containers
How to Serve Jsps from Inside a Jar in Lib, or Is There a Workaround
String.Format() to Format Double in Java
How to Sort Arraylist<Long> in Decreasing Order
How to View Tomcat Log Files in Eclipse
Comparing Time Is Incorrect When Picking 12:00
How to Return JSON Data from Spring Controller Using @Responsebody
What Is the Regex for "Any Positive Integer, Excluding 0"
Session.Connection() Deprecated on Hibernate
Transform Java Future into a Completablefuture
How to Copy File Inside Jar to Outside the Jar
How to Disable Javac's Inlining of Static Final Variables
What Is the Right Action to Take Upon Closing Windows in Java/Swing