is session a good way to handle user login?

hi, in my application, i handle the user login using session. if the user login successfully, i will add an session attribute "id" for the user name. eg:

session.setAttribute("id", userName);

and when the user logout, i will have the attribute removed... but i read in some books they said that creating too many session will occupy memory of the server, and i was thinking, does this means it is not a good practice??

can any experts kindly drop some tips/hints or links that might help me in designing the login/logout for my application.. tks

Who is Participating?
your options are fairly limitied really, as cookies are not really good practice anymore with anti-spyware/adware apps blocking them (in some cases anyway).

from my experience, assigning a session is the best means of doing so, provided that you have a logout button that will terminate the session - the sessions expire after a period of inactivity anyway.

i cannot say how the server deals with the sessions - whether it fills the memory or otherwise, but i would be surprised, I feel assigning the session is the most obvious means of doing what you intend.

If you are worried about the sessions filling the server, you could create a second thread?  A servlet that runs and scouts for inactive sessions and terminates them?  Just a thought.

Either way, I think assigning sessions is fine.

Seopher is right...  Sessions that are inactive for a while will timeout and remove themselves from memory anyway

There's no need to write a second thread though...

Just store the userid in the session (if login is successful) as you say, then you can check this to see if the user has logged in

And set the session timeout to something like 5 minutes...

Don't forget, memory is cheap, but I feel that if you do get hundreds of thousands of logged in users, this small memory usage isn't going to be your main problem, as you will be busy setting up load balancing clusters etc...

InNoCenT_Ch1ldAuthor Commented:
Tks for the respond seopher and TimYates, I am really new in JSP/Servlet so some advice from experts is very much needed ;-)

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.