Where is "session" stored? is it in the browser or at server..


I was somewhat confused with the session Object.
From this experiment.
created 2 jsps.
a) test.jsp
b) test1.jsp

In the test.jsp
session.setAttribute("test", "Ravi");

in the test1.jsp

So in the first jsp.. you are storing the attribute "test" and in the second jsp you are retrieving and displaying the value.

Now after setting the attribute.. Plz restart the application server.  
Now try directly try for the test1.jsp using the same browser.

You will see the value "Ravi" displaying on the console.
I am confused...  so i guess the session is stored at the browser side.

Am i correct? or can somebody explain why?

Ravindra N
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

getravi2kAuthor Commented:
Session cookie is stored at client side.

Based on ID from that cookie server retrieves the valuse of session from memory/database etc.

So basically session data is stored at server but session identifier is stored at client.
Session itself is stored on the server side. Each browser accessing the server will get from the server unique Session ID. This Session ID browser sends to each page requested to the same server. So on client (browser) side, only Session ID is stored in the browser cookie (this is default behavior, when session cookies are enabled in the browser settings... there is also a technique called "URL rewriting" to embed SessionID as URL query parameter, each time the server is called, enabling the application to work even if browser session cookies are disabled - but, it is not so important for the basic session understanding)

So, in order that session for a browser works, the browser sends Session ID to each page being accessed on the same web site. Application server (web site server) finds the saved objects related to that Session ID in the session store (memory/disk/database...) on the server side and could work with those objects when processing the JSP page. Meaning - session objects data is stored on the server side.

The behavior you have experienced by executing "test1.jsp" after application restart is related to some other thing: The application servers (e.g. Apache Tomcat) have a possibility to persist the sessions after the server goes for restart and bring them back when the server is restarted again. The server actually serializes session objects from memory to disk (when going to restart) and deserializes them back from disk to memory afterwards (when restarting again).

If you stop the server and than start it again (not restart), those session objects will be most probably lost, and by executing "test1.jsp" in the same browser window again will give you null.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
getravi2kAuthor Commented:
Cool. thnx a lot for the clarification.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.