Advanced Java and Web Technologies for JNTUK
Blog providing beginner tutorials on different web technologies like HTML, CSS, Javascript, PHP, MYSQL, XML, Java Beans, Servlets, JSP and AJAX

19/01/2014 Categories: HTML. No Comments on Session Data Management

Most web applications or websites require a user to interact with it multiple times to complete a business transaction. For example, when a user shops in Amazon or Flipkart, the user will select one item at a time by clicking on buttons or hyperlinks and filling some text fields to specify the payment details. The server will process this data and may show another page.

A sequence of related HTTP requests between a web browser and a web application for accomplishing a single business transaction is called a session. All data specified by the user in a session is known as session data. Generally the session data is private and must be protected from other users. A session generally begins when a user visits a web site for the first time and ends when the user closes the browser. Since the HTTP protocol has no memory, web applications have to use special mechanisms to securely maintain the user session data.

Cookies

Cookies are small text files which contain data stored in name, value pairs. A web application can generate multiple cookies, set their life span (for how much time the cookie must be alive) and send them back to the web browser as part of the response. If cookies are allowed, the web browser stores the cookies on its hosting computer. When an HTTP request is sent from a web browser from a computer for the second time, the cookies are also sent as a part of the request.

Cookies are the simplest approach to maintain session data as the web server doesn’t need to commit any resources for storing the session data. This is the most scalable approach to store session data for a large number of users. The downfall of cookie is, it is not secure. As the cookies are stored on the client’s computer, they might be accessed by another third party. Also when the cookies are being sent between the web application and web browser a hacker might eavesdrop for the session data (stored in cookie) along the path.

Hidden Fields

Some web users who are concerned with the security implications of a cookie will disable the cookies in their browser. In such cases, another way to store session data is by using hidden fields. A hidden field is a part of HTML form. As the name implies, a hidden field (input element whose type is set to hidden) and its data is not visible to a user. The server will process the session data which will be available in the hidden fields. A hidden field can store only one value at a time. Both cookies and hidden fields are used in situations where only limited amount of data is to be stored.

Query String

A query string is a collection of name and value pair data items which are attached at the end of a URL. Sometimes query strings can also be used to maintain session data but only very limited amount of data can be maintained. As the data in the query string is visible to the user, this approach is very less suitable for storing secure session data.

Server-Side Session Objects

For improving the security of session data and avoiding wasted network bandwidth (like in case of hidden fields) for session data to move back and forth between a web browser and web server, most of the session data can be stored on the server by using session objects. Every session object has a unique session ID for identifying a specific user. A session object is normally implemented as a hash table (lookup table) consisting of name, value pairs. To store the session ID, a cookie or a hidden field or a query string can be used. Since this approach stores the session data on the server, it consumes most of the server resources (memory and processor) and is relatively harder to serve large number of clients concurrently.

Suryateja Pericherla

Suryateja Pericherla

Hello, I am Suryateja Pericherla working as an Asst. Professor in CSE department at Vishnu Institute of Technology. I write articles to share my knowledge and make people knowledgeable regarding certain topics.
Suryateja Pericherla

Latest posts by Suryateja Pericherla (see all)

Note: Do you have a question on this article or have a suggestion to make this article better? You can ask or suggest us by filling in the below form. After commenting, your comment will be held for moderation and will be published in 24-48 hrs.

Leave a Reply

Scroll Up
Thank you for visiting startertutorials.com! If you like this website do share with your friends by clicking on the social icons available on the left hand side.

As the domain name is quite large to remember, use this short domain to visit this site. Short domain: stuts.me