About HttpSession:
Assume
1)open browser
2)Request sent to servlet
3)Servlet calls request.getSession() server creates HttpSession object on the server side and gives response back and along with response it sends the session id
(you can think as reference to the HttpSession object created in the above step)
4)We request to another servlet or same servlet or another jsp, this time
browser sends the session id that it received in the above step to server when
you make request it happens in the background...
5)Now if you call request.getSession, server won't create new HttpSession
object, it identifies the existing session object by matching the session id
sent by browser..
6)When user calls logout button we write code session.invalidate() and
the httpsession object on the server will be destroyed
Now if you open new browser and make request... in the response
server creates another httpsession object and all the above steps
repeats....
What is the use of it ?
If you store any object in request scope when you send new request
the previous request object wont be there.
If you store any object in session scope you can get that object in
all the requests....
Real time comparison:
What if you don't have httpsession
1)You visited flipkart you went to the page where shoes were displayed
and you ordered 1 pair of shoes
2)Then you visited Cell phone related page and bought one
3)And then you tried to pay how would you feel if it shows only cell
This is what happens if you use request scope to store the items
purchased.The things you stored wont' be available in second request
as you know request object life is short... once the response came back
request object no more exists...
So here if you use HttpSession to store the objects you bought then
when you check out it displays all the items you bought
Imagine the bad things that can happen if you don't logout.
Imagine you logged in to your bank site and didn't logout then
if some other user came to the internet center that session object
might be still valid and that user can transfer money from your account.
That is the reason we have to logout...Banks generally write code to
expire the session if user doesn't use the site for 1 minute or 2 minutes
so that others may not take advantage if you don't log out
1)If you open a browser and close the browser generally it is the httpsession scope. But some times what happens is even if you open another browser in internet explorer some times both first and second browser takes the same httpsession object ... If you go to file->New session then only other httpsession object gets created... when you call request.getSession
But if you open one IE browser and Mozilla browser then you can clearly understand that.... HttpSession object gets created for each browser.... So when you open one IE browser and Mozilla browser 2 httpsession object gets printed...Best way to understand is by printing httpsession.... then you can see if same content is printed then you can think as same session
some more examples: HttpSession
Example program for HttpSession
Assume
1)open browser
2)Request sent to servlet
3)Servlet calls request.getSession() server creates HttpSession object on the server side and gives response back and along with response it sends the session id
(you can think as reference to the HttpSession object created in the above step)
4)We request to another servlet or same servlet or another jsp, this time
browser sends the session id that it received in the above step to server when
you make request it happens in the background...
5)Now if you call request.getSession, server won't create new HttpSession
object, it identifies the existing session object by matching the session id
sent by browser..
6)When user calls logout button we write code session.invalidate() and
the httpsession object on the server will be destroyed
Now if you open new browser and make request... in the response
server creates another httpsession object and all the above steps
repeats....
What is the use of it ?
If you store any object in request scope when you send new request
the previous request object wont be there.
If you store any object in session scope you can get that object in
all the requests....
Real time comparison:
What if you don't have httpsession
1)You visited flipkart you went to the page where shoes were displayed
and you ordered 1 pair of shoes
2)Then you visited Cell phone related page and bought one
3)And then you tried to pay how would you feel if it shows only cell
This is what happens if you use request scope to store the items
purchased.The things you stored wont' be available in second request
as you know request object life is short... once the response came back
request object no more exists...
So here if you use HttpSession to store the objects you bought then
when you check out it displays all the items you bought
Imagine the bad things that can happen if you don't logout.
Imagine you logged in to your bank site and didn't logout then
if some other user came to the internet center that session object
might be still valid and that user can transfer money from your account.
That is the reason we have to logout...Banks generally write code to
expire the session if user doesn't use the site for 1 minute or 2 minutes
so that others may not take advantage if you don't log out
1)If you open a browser and close the browser generally it is the httpsession scope. But some times what happens is even if you open another browser in internet explorer some times both first and second browser takes the same httpsession object ... If you go to file->New session then only other httpsession object gets created... when you call request.getSession
But if you open one IE browser and Mozilla browser then you can clearly understand that.... HttpSession object gets created for each browser.... So when you open one IE browser and Mozilla browser 2 httpsession object gets printed...Best way to understand is by printing httpsession.... then you can see if same content is printed then you can think as same session
some more examples: HttpSession
Example program for HttpSession
