The HttpSession Interface in Servlet

Last Updated : 25 Apr, 2022

What is a session?

In web terminology, a session is simply the limited interval of time in which two systems communicate with each other. The two systems can share a client-server or a peer-to-peer relationship. However, in Http protocol, the state of the communication is not maintained. Hence, the web applications that work on http protocol use several different technologies that comprise Session Tracking, which means maintaining the state (data) of the user, in order to recognize him/her. In order to achieve session tracking in servlets, cookies have been one of the most commonly used tech. However, they have the following disadvantages:

They can only keep textual information.
They're browser dependent. Hence, if the client disables them, your web application can't make use of them
Individual cookie can contain not more than 4kb of information

How to create sessions with a unique session id for each user in java servlet

For this, servlets provide an interface called 'HttpSession' Interface. The following diagram explains how Http Sessions work in servlets:

Methods in HttpSession Interface

Method	Description
public HttpSession getSession()	Gets the HttpSession object. If the request doesn't have a session associated with it, a new session is created
public HttpSession getSession(boolean create)	Gets the session associated with the request. If not already present, then a new one is created based on the value of the boolean argument passed into it
public String getId()	Returns the unique session id
public long getCreationTime()	It returns the time when this session was created, measured in milliseconds since midnight January 1, 1970 GMT.
public long getLastAccessedTime()	It returns the time when this session was last accessed, measured in milliseconds since midnight January 1, 1970 GMT.
public long getLastAccessedTime()	It returns the time when this session was last accessed, measured in milliseconds since midnight January 1, 1970 GMT.
public void invalidate()	Invalidates the session

Advantages of Http Sessions in Servlet

Any kind of object can be stored into a session, be it a text, database, dataset etc.
Usage of sessions is not dependent on the client's browser.
Sessions are secure and transparent

Disadvantages of Http session

Performance overhead due to session object being stored on server
Overhead due to serialization and de-serialization of data

Example of Session tracking using HttpServlet Interface: In the below example the setAttribute() and getAttribute() methods of the HttpServlet class is used to create an attribute in the session scope of one servlet and fetch that attribute from the session scope of another servlet.

index.html

html

<html>
<head>
<body>
<form action="servlet1">  
Name:<input type="text" name="userName"/><br/>  
<input type="submit" value="submit"/>  
</form>  
</body>
</html>

First.java

Java

// The first servlet
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

< div class
= "noIdeBtnDiv" > public class First extends HttpServlet {

    public void doGet(HttpServletRequest request, HttpServletResponse response)
    {
        try { /*Declaration of the get method*/

            response.setContentType("text/html"); // Setting the content type to text
            PrintWriter out = response.getWriter();

            String n = request.getParameter("userName"); /*Fetching the contents of
                                                 the userName field from the form*/
            out.print("Welcome " + n); // Printing the username

            HttpSession session = request.getSession(); /* Creating a new session*/

            session.setAttribute("uname", n);
            /*Setting a variable uname
                                 containing the value as the fetched 
                                 username as an attribute of the session
                                 which will be shared among different servlets
                                 of the application*/

            out.print("<a href='servlet2'>visit</a>"); // Link to the second servlet

            out.close();
        }
        catch (Exception e) {
            System.out.println(e);
        }
    }
}

Second.java

Java

// The second servlet
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class SecondServlet extends HttpServlet {

    public void doGet(HttpServletRequest request, HttpServletResponse response) try {
        /*Declaration of the get method*/
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();

        HttpSession session = request.getSession(false);
        /*Resuming the session created 
                                        in the previous servlet using 
                                        the same method that was used
                                        to create the session. 
                                        The boolean parameter 'false'
                                        has been passed so that a new session
                                        is not created since the session already
                                        exists*/

        String n = (String)session.getAttribute("uname");
        out.print("Hello " + n);

        out.close();
    }
    catch (Exception e) {
        System.out.println(e);
    }
}
}

web.xml

html

<web-app>  
  
<servlet>  
<servlet-name>s1</servlet-name>  
<servlet-class>First</servlet-class>  
</servlet>  
  
<servlet-mapping>  
<servlet-name>s1</servlet-name>  
<url-pattern>/servlet1</url-pattern>  
</servlet-mapping>  
  
<servlet>  
<servlet-name>s2</servlet-name>  
<servlet-class>Second</servlet-class>  
</servlet>  
  
<servlet-mapping>  
<servlet-name>s2</servlet-name>  
<url-pattern>/servlet2</url-pattern>  
</servlet-mapping>  
  
</web-app>