is session a good way to handle user login?

Posted on 2006-05-16
Last Modified: 2010-08-05
hi, in my application, i handle the user login using session. if the user logs in successfully, i will add a session attribute "id" for the user name. eg:

session.setAttribute("id", userName);

and when the user logs out, i will have the attribute removed... but i read in some books they said that creating too many sessions will occupy memory of the server, and i was thinking, does this mean it is not a good practice??

can any experts kindly drop some tips/hints or links that might help me in designing the login/logout for my application.. tks

Question by:InNoCenT_Ch1ld
    LVL 3

    Accepted Solution

    your options are fairly limited really, as cookies are not really good practice anymore with anti-spyware/adware apps blocking them (in some cases anyway).

    from my experience, assigning a session is the best means of doing so, provided that you have a logout button that will terminate the session - the sessions expire after a period of inactivity anyway.

    i cannot say how the server deals with the sessions - whether it fills the memory or otherwise, but i would be surprised, I feel assigning the session is the most obvious means of doing what you intend.

    If you are worried about the sessions filling the server, you could create a second thread?  A servlet that runs and scouts for inactive sessions and terminates them?  Just a thought.

    Either way, I think assigning sessions is fine.

    LVL 35

    Assisted Solution

    Seopher is right...  Sessions that are inactive for a while will time out and remove themselves from memory anyway

    There's no need to write a second thread though...

    Just store the userid in the session (if login is successful) as you say, then you can check this to see if the user has logged in

    And set the session timeout to something like 5 minutes...

    Don't forget, memory is cheap, but I feel that if you do get hundreds of thousands of logged in users, this small memory usage isn't going to be your main problem, as you will be busy setting up load balancing clusters etc...

    LVL 3

    Author Comment

    Tks for the response seopher and TimYates, I am really new in JSP/Servlet so some advice from experts is very much needed ;-)
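The session-based login discussed in this thread, as an added example that is not code from any of the posters: the user name is stored under "id" on successful login, a filter checks it on protected URLs, the idle timeout is set to the 5 minutes suggested above, and logout invalidates the session. It uses the standard javax.servlet API; the class name SessionLogin, the form field names, the redirect paths and the credentialsValid hook are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

public class SessionLogin {
    static final String USER_KEY = "id";          // attribute name used in the question
    static final int TIMEOUT_SECONDS = 5 * 60;    // the 5-minute timeout suggested above
    /** Login: on success, store the user name in a fresh session. */
    public abstract static class LoginServlet extends HttpServlet {
        /** Hypothetical hook: the application supplies the real credential check. */
        protected abstract boolean credentialsValid(String user, String password);
        protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
            String user = req.getParameter("user");          // assumed form field names
            String password = req.getParameter("password");
            if (user == null || password == null || !credentialsValid(user, password)) {
                resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
            HttpSession old = req.getSession(false);
            if (old != null) old.invalidate();               // do not carry a pre-login session over
            HttpSession session = req.getSession(true);
            session.setMaxInactiveInterval(TIMEOUT_SECONDS); // container discards idle sessions itself
            session.setAttribute(USER_KEY, user);
            resp.sendRedirect(req.getContextPath() + "/home");  // assumed landing page
        }
    }
    /** Logout: invalidate the whole session rather than removing one attribute. */
    public static class LogoutServlet extends HttpServlet {
        protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
            HttpSession session = req.getSession(false);
            if (session != null) session.invalidate();       // frees the server-side memory now
            resp.sendRedirect(req.getContextPath() + "/login"); // assumed login page
        }
    }
    /** Filter for protected URLs: never allocates a session for anonymous requests. */
    public static class AuthFilter implements Filter {
        public void init(FilterConfig config) {}
        public void destroy() {}
        public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain) throws IOException, ServletException {
            HttpServletRequest req = (HttpServletRequest) rq;
            HttpSession session = req.getSession(false);     // false: look up only, do not create
            if (session != null && session.getAttribute(USER_KEY) != null) {
                chain.doFilter(rq, rs);                      // logged in: continue to the resource
            } else {
                ((HttpServletResponse) rs).sendRedirect(req.getContextPath() + "/login");
            }
        }
    }
}
```

Using getSession(false) in the filter keeps anonymous traffic from creating sessions, which addresses the memory concern raised in the question without a separate cleanup thread.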

