Hello,
I have some questions that maybe some of you die-hard servlet programmers can answer.
HttpSession session = req.getSession(true);
Do the session variables assigned to the HttpSession get sent across the network to the client on output?
This brings up some major questions if they do or do not. A friend of mine told me how ASP pages send the session object. ASP will generally send a GUID (Global Unique ID) back to the client for later reference. This eliminates sending a vital information in the session vars.
Advantages to sending the session object across the network:
1) Completely disconnected. If in a clustered environment, the session always goes to the received server. This is a known problem in ASP/IIS Clusters. "Loosing session state".
2) All key information is sent across the network. Viable information, such as credit card information. Is it lightly encrypted or is it just plain text.
Disadvantages/Advantages to keeping the session object at the server:
1) No vital session variables will go across the network. Security isn't compromised.
2) Session problems with clustering if a guid is passed and stored on the server.
Does anyone have any feedback on this? Any information would be great!!!! My primary worry is security.
Go Servlets!!!! Go RAMS!!!!
Thanks,
_______________________
Nicholas Neuberger
Software Developer
PaylinX Corporation
9666 Olive Boulevard
St Louis MO 63132
E-mail: [EMAIL PROTECTED]
_____________________________
