AFAIK, it depends on whether your servlet engine is implementing the session
in cookies or in URL-rewriting.  With JServ and cookies, the session ID is
sent to the client, but not the session object itself (the ID is just the
key into a hashtable), and the session object stays behind at the web
server.
 
-----Original Message-----
From: Nick Neuberger [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 25, 2000 10:40 AM
To: '[EMAIL PROTECTED]'
Subject: Do Session vars go across the network.



Hello, 

I have some questions that maybe some of you die-hard servlet programmers
can answer. 

HttpSession session = req.getSession(true); 


Do the session variables assigned to the HttpSession get sent across the
network to the client on output? 

This brings up some major questions if they do or do not.  A friend of mine
told me how ASP pages send the session object.  ASP will generally send a
GUID (Global Unique ID) back to the client for later reference.  This
eliminates sending vital information in the session vars.

Advantages to sending the session object across the network: 
1)  Completely disconnected.  If in a clustered environment, the session
always goes to the received server.  This is a known problem in ASP/IIS
Clusters.  "Losing session state".

2)  All key information is sent across the network.  Viable information,
such as credit card information.  Is it lightly encrypted or is it just
plain text?

Disadvantages/Advantages to keeping the session object at the server: 
1)  No vital session variables will go across the network.  Security isn't
compromised. 

2)  Session problems with clustering if a GUID is passed and stored on the
server. 


Does anyone have any feedback on this?  Any information would be great!!!!
My primary worry is security. 

Go Servlets!!!!  Go RAMS!!!! 

Thanks, 
_______________________ 
Nicholas Neuberger      
Software Developer 

PaylinX Corporation 
9666 Olive Boulevard 
St Louis MO 63132 
E-mail: [EMAIL PROTECTED] 
_____________________________ 
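
The cookie-based behaviour described in the reply above, as an added example that is not part of the original thread and not JServ's own code: a toy server-side session table in plain Java showing that only the ID goes into the response header. The cookie name SESSIONID, the class name and the card value are assumptions made up for illustration.

```java
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: a toy cookie-based session store, not a real servlet engine.
public class SessionStoreDemo {
    // Server-side table: session ID -> attribute map. This never leaves the server.
    private static final Map<String, Map<String, Object>> SESSIONS = new ConcurrentHashMap<>();
    private static final SecureRandom RNG = new SecureRandom();

    // Create a session and return the only thing the client receives: a Set-Cookie header.
    static String createSession() {
        byte[] raw = new byte[16];               // 128-bit unguessable ID
        RNG.nextBytes(raw);
        StringBuilder id = new StringBuilder();
        for (byte b : raw) id.append(String.format("%02x", b));
        SESSIONS.put(id.toString(), new HashMap<>());
        return "Set-Cookie: SESSIONID=" + id;    // cookie name is a placeholder
    }

    // Resolve the ID from a later request's Cookie header back to the server-side object.
    static Map<String, Object> lookup(String cookieHeader) {
        for (String part : cookieHeader.substring("Cookie: ".length()).split(";\\s*")) {
            if (part.startsWith("SESSIONID=")) {
                return SESSIONS.get(part.substring("SESSIONID=".length()));
            }
        }
        return null;                             // no session cookie sent
    }

    public static void main(String[] args) {
        String setCookie = createSession();
        String cookie = "Cookie: " + setCookie.substring("Set-Cookie: ".length());

        // Equivalent of session.setAttribute(...) in a servlet; the value is constructed.
        lookup(cookie).put("cardNumber", "4111-CONSTRUCTED-SAMPLE");

        System.out.println("Sent to client:         " + setCookie);
        System.out.println("Header leaks card data: " + setCookie.contains("CONSTRUCTED-SAMPLE"));
        System.out.println("Server-side lookup:     " + lookup(cookie).get("cardNumber"));
        System.out.println("Unknown ID resolves to: " + lookup("Cookie: SESSIONID=deadbeef"));
    }
}
```

The stored value never appears in the header, only the ID does; since the ID is the sole key to the server-side object, it has to be unguessable.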



