Session Management in JSP

As we know that the Http protocol is a stateless protocol, that means that it can't persist the data. In this tutorial we are learning about the session management in JSP based applications.

Session Management in JSP


As we know that the Http protocol is a stateless protocol, that means that it can't persist the data. Http treats each request as a new request so every time you will send a request you will be considered as a new user. It is not reliable when we are doing any type of transactions or any other related work where persistence of the information  is necessary.  To remove these obstacles we use session management. In session management whenever a request comes for any resource, a unique token is generated by the server and transmitted to the client by the response object and stored on the client machine as a cookie. We can also say that the process of managing the state of a web based client is through the use of session IDs. Session IDs are used to uniquely identify a client browser, while the server side processes are used to associate the session ID with a level of access. Thus, once a client has successfully authenticated to the web applicatiion, the session ID can be used as a stored authentication voucher so that the client does not have to retype their login information with each page request. Now whenever a request goes from this client again the ID or token will also be passed through the request object so that the server can understand from where the request is coming. Session  management can be achieved by using the following thing.

1. Cookies: cookies are small bits of textual information that a web server sends to a browser and that browsers returns the cookie when it visits the same site again. In cookie the information is stored in the form of a name, value pair. By default the cookie is generated. If the user doesn't want to use cookies then it can disable them.

2. URL rewriting: In URL rewriting we append some extra information on the end of each URL that identifies the session. This URL rewriting can be used where a cookie is disabled. It is a good practice to use URL rewriting. In this session ID information is embedded in the URL, which is recieved by the application through Http GET requests when the client clicks on the links embedded with a page.

3. Hidden form fields: In hidden form fields the html entry will be like this : <input type ="hidden" name = "name" value="">. This means that when you submit the form, the specified name and value will be get included in get or post method. In this session ID information would be embedded within the form as a hidden field and submitted with the Http POST command.

In JSP we have been provided a implicit object session so we don't need to create a object of session explicitly as we do in Servlets. In Jsp the session is by default true. The session is defined inside the directive <%@ page session = "true/false" %>. If we don't declare it inside the jsp page then session will  be available to the page, as it is default by true.

For the convenience to understand the concept of session management we have made one program.

The code of the program is given below:

		<title>Welcome to the first program of jsp</title>
	<form method = "post" action = "FirstPageOfSession.jsp">
  <font size = 6>Enter your name<input type = "text" name = "name"></font><br><br>
  <font size = 6>Enter your password<input type="password" name = "pwd" >
		<input type = "submit" name = "submit" value = "submit" >


    String name = request.getParameter("name");
	String password = request.getParameter("pwd");
	if(name.equals("Williams") && password.equals("abcde"))


		<title>Welcome in In the program of URL rewriting</title>
<font size = 6>Hello</font> <%= session.getAttribute("username") %>

The output of the program is given below:

When the values entered is correct.

When the entered values are incorrect, the SessionManagement.html will be displayed again to you.

Download this example.


Share on Google+Share on Google+

Session Management in JSP

Posted on: February 9, 2008 If you enjoyed this post then why not add us on Google+? Add us to your Circles



Discuss: Session Management in JSP   View All Comments

Post your Comment

Your Name (*) :
Your Email :
Subject (*):
Your Comment (*):
  Reload Image
April 11, 2011
Thank yuo

Now I know how mange session
April 18, 2011
How to set time limit for a particular session?

I would like to set a time limit say 10 mins to use a particular page. If the time limit exceeds the user should login again to view the page.
October 28, 2011

The data was informative:). Thank you:)
Kamlesh Gour
November 24, 2011
Session in jsp

which types of session use in Secured Trasection and why?................................. pl give ans With Example
Bhupesh Mishra
December 11, 2011

Best One.
January 12, 2012
Feedback for

Hi, Content you are displaying on each concept is good and understandable but advertisements beside to the content is horrible and some of them are very embarassive.we cant open the page infront of officials. I wanted to give feedback from long back.please consider it and do needed actions.
January 31, 2012

Emmanuel prabakaran
July 14, 2012
session means

what the use session .
November 3, 2012