HTTP protocol is stateless. It means that there is no permanent connectionbetween client (web browser) and Web Server. When client request a page from a web server, it opens a connection, retrieve the page and close connection. Web servers doesn't know what happen then in the client side. In addition, If another request from client is made, web server doesn't associate the new connection with the connection has been made.
In order to overcome the stateless of HTTP protocol, JSP provides you the implicit sessionobject which is a HttpSession object. The session object resides in the server side so you can keep arbitrary data about the client and other data as well in session and later on in different requests you can retrieve the saved data for processing. JSP stores data in the server side in the session object by using a single key that client remembers.
The session object has the three most important methods which you use most as bellows:
public void setAttribute(String name, Object value)throws IllegalStateExceptionpublic Object getAttribute(String name)throws IllegalStateExceptionpublic void removeAttribute(String name)throws IllegalStateException
A session is an object associated with a visitor. Data can be put in the session and retrieved from it, much like a Hashtable. A different set of data is kept for each visitor to the site. Here is a set of pages that put a user's name in the session, and display it elsewhere. Try out installing and using these.First we have a form, let us call it GetName.html
The target of the form is "SaveName.jsp", which saves the user's name in the session. Note the variable "session". This is another variable that is normally made available in JSPs, just like outand request variables. (In the @page directive, you can indicate that you do not need sessions, in which case the "session" variable will not be made available.)
The SaveName.jsp saves the user's name in the session, and puts a link to another page, NextPage.jsp.
NextPage.jsp shows how to retrieve the saved name.
If you bring up two different browsers (not different windows of the same browser), or run two browsers from two different machines, you can put one name in one browser and another name in another browser, and both names will be kept track of. The session is kept around until a timeout period. Then it is assumed the user is no longer visiting the site, and the session is discarded.
Exercise: Add another attribute "age" to the above example.
How session works
When server creates a new session, it always adds a session identifier in the form of cookie. When web browser asks for a page or makes a request, the web browser always sends cookie which are created by the web server in the request. Therefore in the server side, web server checks for that cookie and find the corresponding session that is matched to the received cookie.
The session normally short-lived so the session cookie is not saved into disk. Session also has time out. When the time is out, the session is no longer exist in the server side. You can set time out of session in configuration file in the server.