The JSP Files (part 6): State Of Grace - Plan B (Page 7 of 9)
The cookie-based approach is quite common; many Web sites use it, because
it is flexible, simple, and independent of the server-side language (once
the cookie has been saved to the client's hard drive, you can read it using
JavaScript, or PHP, or JSP, or ...). The only problem: it depends on the
client accepting the cookie.
And so, another common approach is the use of a "session" to store specific
bits of information when a client visits a Web site; this session data is
preserved for the duration of the visit, and is usually destroyed on its
conclusion. A session can thus be considered a basket of information which
contains a host of variable-value pairs; these variable-value pairs exist
for the duration of the visit, and can be accessed at any point during it.
This approach provides an elegant solution to the "stateless" nature of the
protocol, and is used on many of today's largest sites to track and
maintain information for personal and commercial transactions.
Every session created is associated with a unique identification string, or
"session ID"; this string is sent to the client, while a temporary entry
with the same session ID is created on the server, either in a flat file
or in a database. It now becomes possible to register any
number of "session variables" - these are ordinary variables, which can be
used to store textual or numeric information, and can be read from, or
written to, throughout the session.
The session ID is transmitted to the client either via a cookie, or via the
URL GET method. The client, in turn, must reference each request with this
session ID, so that the server knows which session each client is
associated with and uses the appropriate session variables for each client.
If the client doesn't support cookies and the URL method is rejected or
not used, session management capabilities and session variables will not
be available to the client, and every request will be treated as though it
were the client's first.
Sessions are typically left active for as long as the user's browser is
open, or for a pre-defined period. Once the user's browser is closed, or
the specified time period is exceeded, the session and all variables within
it are automatically destroyed.
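The mechanism described above, as an added example that is not part of the
original article and is not a servlet container's code: a small in-memory
session store in plain Java. The class name SessionStoreDemo, the 30-minute
timeout, the sample variable and the clock values are assumptions made for
the illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
// Added illustration: a minimal session store (hypothetical class, not a servlet API).
public class SessionStoreDemo {
    static final class Session {
        final Map<String, Object> vars = new HashMap<>(); // the "session variables"
        long lastAccess;
        Session(long now) { lastAccess = now; }
    }
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();
    private final long timeoutMillis;

    SessionStoreDemo(long timeoutMillis) { this.timeoutMillis = timeoutMillis; }

    // Create the server-side entry and return the ID that is sent to the client.
    String create(long now) {
        byte[] raw = new byte[16]; // 128 random bits, so the ID cannot be guessed
        rng.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(id, new Session(now));
        return id;
    }

    // Find the session from the cookie value, falling back to the URL parameter.
    // Returns null for a missing, unknown or expired ID: a first-time visitor.
    Session resolve(String cookieId, String urlId, long now) {
        String id = (cookieId != null) ? cookieId : urlId;
        Session s = (id == null) ? null : sessions.get(id);
        if (s == null) return null;
        if (now - s.lastAccess > timeoutMillis) { sessions.remove(id); return null; }
        s.lastAccess = now; // each valid request restarts the idle timer
        return s;
    }

    public static void main(String[] args) {
        SessionStoreDemo store = new SessionStoreDemo(30 * 60 * 1000L); // constructed timeout
        long t0 = 0L;                                                   // constructed clock
        String id = store.create(t0);
        store.resolve(id, null, t0 + 1000).vars.put("user", "alice");             // ID in a cookie
        System.out.println(store.resolve(null, id, t0 + 2000).vars.get("user"));  // ID in the URL
        System.out.println(store.resolve(null, null, t0 + 3000));                 // no ID sent
        System.out.println(store.resolve(id, null, t0 + 2000 + 31 * 60 * 1000L)); // idle too long
    }
}
```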