Session Lifecycle
The stages which a user session goes through right from its creation to its eventual expiration completes the session lifecycle. In the context of web applications, the lifecycle involves the management of user-specific data across multiple session requests. The key stages involved in the session lifecycle are described below.
1. Session Creation
- Trigger: The session is created when the user logs into the application for the initial time.
- Action: The servlet container creates a new session for the user using HttpSession attribute when the user logs in the platform for the first time. As no existing session is associated with the user, it creates a new one and generates a session ID which is stored as a cookie on the client’s browser based on the system requirements.
2. Attribute Setting
- Trigger: Once the session is created, the required attributes are set on the session using the servlets or the JSP page.
- Action: The required attribute are named and stored using the setAttribute method of the HttpSession object which makes sure that this can be use across multiple locations.
HttpSession session = request.getSession();
session.setAttribute("username", "GFG");
3. Client Interaction
- Trigger: The user interacts with the web application, making additional requests.
- Action: The session ID is now associated with each successive request, allowing the servlet container to map the request with the correct session. To retrieve the attributes associated to the particular session, use getAttribute method.
HttpSession session = request.getSession();
String username = (String) session.getAttribute("username");
4. Session Invalidation
- Trigger: The session can be invalidated explicitly by the application or automatically based on certain criteria as per the system requirements.
- Action: We can invoke invalidate method to remove all the session attributes associated with that particular session. Further we can use a timeout concept which will invalidate the sessions automatically after a specified period of inactivity.
HttpSession session = request.getSession();
session.invalidate();
5. Session Expiration
- Trigger: We can set the session timeout, which is a defined maximum time of existence.
- Action: Once the browsing is completed, we can remove the data and the user’s preference based on the maximum inactive time interval.
HttpSession session = request.getSession();
// Session will be invalidated after 30 minutes of inactivity
session.setMaxInactiveInterval(1800);
Session Management in Java
Session is used to save user information momentarily on the server. It starts from the instance the user logs into the application and remains till the user logs out of the application or shuts down the machine. In both cases, the session values are deleted automatically. Hence, it functions as a temporary storage that can be accessed till the user is active in the application and can be accessed when the user requests a URI. This session is stored in binary values, hence maintaining the security aspect, and can be decoded only at the server end.
Contact Us