• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3077
  • Last Modified:

Where is "session" stored? is it in the browser or at server..


I was somewhat confused with the session Object.
From this experiment.
created 2 jsps.
a) test.jsp
b) test1.jsp

In the test.jsp
session.setAttribute("test", "Ravi");

in the test1.jsp

So in the first jsp.. you are storing the attribute "test" and in the second jsp you are retrieving and displaying the value.

Now after setting the attribute.. Plz restart the application server.  
Now try directly try for the test1.jsp using the same browser.

You will see the value "Ravi" displaying on the console.
I am confused...  so i guess the session is stored at the browser side.

Am i correct? or can somebody explain why?

Ravindra N
  • 2
1 Solution
getravi2kAuthor Commented:
Session cookie is stored at client side.

Based on ID from that cookie server retrieves the valuse of session from memory/database etc.

So basically session data is stored at server but session identifier is stored at client.
Session itself is stored on the server side. Each browser accessing the server will get from the server unique Session ID. This Session ID browser sends to each page requested to the same server. So on client (browser) side, only Session ID is stored in the browser cookie (this is default behavior, when session cookies are enabled in the browser settings... there is also a technique called "URL rewriting" to embed SessionID as URL query parameter, each time the server is called, enabling the application to work even if browser session cookies are disabled - but, it is not so important for the basic session understanding)

So, in order that session for a browser works, the browser sends Session ID to each page being accessed on the same web site. Application server (web site server) finds the saved objects related to that Session ID in the session store (memory/disk/database...) on the server side and could work with those objects when processing the JSP page. Meaning - session objects data is stored on the server side.

The behavior you have experienced by executing "test1.jsp" after application restart is related to some other thing: The application servers (e.g. Apache Tomcat) have a possibility to persist the sessions after the server goes for restart and bring them back when the server is restarted again. The server actually serializes session objects from memory to disk (when going to restart) and deserializes them back from disk to memory afterwards (when restarting again).

If you stop the server and than start it again (not restart), those session objects will be most probably lost, and by executing "test1.jsp" in the same browser window again will give you null.
getravi2kAuthor Commented:
Cool. thnx a lot for the clarification.

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now