Accessing Session object from JSPs

Hi,

I've a query regarding JSP design.

Typically in J2EE applications JSPs get output data (to be shown in the html) from Request object itself (stored as an attribute). Sometimes for simplicity of the application one might need to access the output data from Sesssion object itself.

Can anyone tell me what could be the possible disadvantages in accessing Session object from JSPs ?

Regards,

Sourav

[445 byte] By [souravm00] at [2007-9-26 20:03:28]

«« Problem with JLabel, html content and images
»» Need help with returning an int value

# 1

I think the main reason is that you should get hold of any data you need (including that from the session object) in the layers before you get to the JSP, for example in the Model layer of an MVC implementation. Then stick all the data you need into the request for that specific JSP. Then, you can use the JSP tag libraries to get hold of the information you need, keeping the JSP 'pure' :-).

It just keeps the code tidier and easier to maintain.

rgunder3 at 2007-7-3 17:50:00 >

top of Java-index,Other Topics,Patterns & OO Design...

# 2

Session variables can come in handy when you need to store large amounts of data, as the request object has size limits. Also, session variables are portable across JSP pages, where request is page by page.

Also, for security and performance reasons, I prefer session variables so data is not sent to/from the browser (within reason of course, simple querystring vars still work great).

bRi

BrianLedsworth at 2007-7-3 17:50:00 >

# 3

As to any disadvantages, just handling the session. You'll either need cookie support on the browser to hold session ids, or you'll need to include session ids in the URL, which I'm against for security reasons.bRi

BrianLedsworth at 2007-7-3 17:50:00 >

# 4

Brian, I was not aware of the request object having a size limit. What is the limit? And what happens if you compromise the limit?SAF

SAFM3 at 2007-7-3 17:50:00 >

# 5

It's not so much the request object as it is HTML GET, which ends up in the QueryString, which I believe is 1024. Not sure if there's a limit on POST. It would be an HTTP limitiation, assuming I'm even correct!

For large amouns of data, I've alwaysd uses session object.

bRi

BrianLedsworth at 2007-7-3 17:50:00 >

# 6

Hi Brian,

Theoretically speaking, http POST method is not limited to any size of data which can be sent to the server. So to support this feature of http POST method, the request object of servlet should be able to hold any size of data. But of course, there will be some practical limit from based on specific implementation.

On the contrary, most of the application servers try to impose some limit on session object, mostly 4 KB. This is to ensure ease of ditribution of session object across multiple application servers in a clustured environment of firm of application servers.

Regards,

Sourav

souravm00 at 2007-7-3 17:50:00 >

# 7

I was unware of the session limit. Thanks for clarifying, I now know better!bRi

BrianLedsworth at 2007-7-3 17:50:00 >

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

Accessing Session object from JSPs

Other Topics New Topic

Other Topics Hot Topic

Other Topics

All Classified