[ Team LiB ] Previous Section Next Section

How Sessions Work

Now that you see that servlets and JSPs can support sessions, you can take a step back and look at how the sessions work. When the servlet engine creates a session, it sends a session identifier (also referred to as a session key) back to the browser in the form of a cookie. A cookie is just a piece of information that the browser sends back to the server whenever it asks the server for a page.

Usually, for a session, the cookie disappears when the Web browser is shut down. As you will see in Hour 13, "More About Saving Data," a browser can save cookies to disk, so when the browser starts up again it still knows about the cookies it had when it shut down. Because sessions are typically short-lived, and because shutting the browser down is an action that warrants the termination of a session, the session cookie is usually not saved to disk. Remember, the server has no idea when the Web browser shuts down. Figure 12.4 illustrates the interaction between the browser and the servlet engine as it relates to cookies and sessions.

Figure 12.4. The server sends the session identifier in a cookie, which the browser passes back.


These Examples Require Cookies


You must enable cookies in your browser for these examples to work.

When the browser asks the server for a page, the server looks at the session cookie and then finds the session corresponding to that session identifier.

Occasionally, the servlet engine looks through its sessions and gets rid of those that haven't been accessed in a long time. If it didn't do this, eventually the servlet engine would be wasting a lot of memory by holding on to sessions that could never be accessed again because the cookies associated with those sessions are long gone. (People do shut down their browsers eventually, and that kills the session cookies.)

    [ Team LiB ] Previous Section Next Section