MAlex

Reputation: 1264

Session Management in a real time application

I have read different articles on Session Management and am aware of the different ways of implementing the same.

However, below are a few questions that I wanted to understand:

Thanks!

Upvotes: 1

Views: 917

Answers (1)

Sanath

Reputation: 4886

It's a security risk to use cookies and URL rewriting for sensitive data management. The best mechanism is to use the HTTP session in conjunction with HTTPS.

In real-world scenarios, the HTTP session is used carefully to avoid bottlenecks. Simply put, rather than adding an entire object to the session, an attribute which can be used to obtain an entity from the database is carried over the session. The bottom line is that sessions need to be kept lightweight. Session best practices include removing the session and invalidating it once its use is completed.

In an EJB context, it's always better to avoid stateful session beans. If used, the bean has to be invalidated as the last invocation of the bean.

Upvotes: 1
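The practices from the answer above (session used over HTTPS, only a lookup key kept in the session, invalidation once the session is no longer needed), shown as an added example that is not part of the original answer. It assumes the `javax.servlet` API (Servlet 3.1 or later); `UserStore`, the `userId` attribute name, the request parameter names and the redirect paths are hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Assumes the javax.servlet API (Servlet 3.1+). UserStore, "userId" and the paths are hypothetical.
public class SessionExample {
    public interface UserStore { Long authenticate(String name, String password); } // user id or null

    // Registered as a listener: the session id cookie is sent over HTTPS only and hidden from scripts.
    public static class CookieHardening implements ServletContextListener {
        @Override public void contextInitialized(ServletContextEvent e) {
            SessionCookieConfig c = e.getServletContext().getSessionCookieConfig();
            c.setSecure(true);
            c.setHttpOnly(true);
        }
        @Override public void contextDestroyed(ServletContextEvent e) { }
    }

    // Registered programmatically (ServletContext.addServlet) so the store can be passed in.
    public static class LoginServlet extends HttpServlet {
        private final UserStore users;
        public LoginServlet(UserStore users) { this.users = users; }

        @Override
        protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
            Long id = users.authenticate(req.getParameter("user"), req.getParameter("password"));
            if (id == null) { resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; }
            HttpSession session = req.getSession(true);
            req.changeSessionId();                   // fresh id after login, same session object
            session.setAttribute("userId", id);      // the key only; the entity is loaded per request
            session.setMaxInactiveInterval(15 * 60); // idle sessions expire after 15 minutes
            resp.sendRedirect(req.getContextPath() + "/home");
        }
    }

    public static class LogoutServlet extends HttpServlet {
        @Override
        protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
            HttpSession session = req.getSession(false); // do not create a session just to destroy it
            if (session != null) session.invalidate();   // drop server-side state once it is finished
            resp.sendRedirect(req.getContextPath() + "/login");
        }
    }
}
```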
