custom state management for Java EE

About

Asked 17/10, 2018 at 17:54 Answered 25/10, 2018 at 21:5

session jakarta-ee session-cookies session-storage session-management

I've worked with Java EE (now Jakarta EE) since before it was named "EE" (i.e. servlets, etc.) but the last time I was deeply into session management was over 15 years ago. Now we have new technologies and trends such as the HTML5 Web Storage API and JSON Web Token (JWT). While one can debate the benefits of JWT for session tracking, there are some interesting benefits to keeping track of a session in a single tab using the sessionStorage.

So just to bring me up to speed:

Are the latest Java EE technologies (Java EE 8) still restricted to cookies and URL rewriting for session tracking, and
Do the most recent Java EE APIs allow me to provide custom state management, e.g. override how the container finds state (if I wanted to store a state identifier in sessionStorage instead of a cookie, for example)?

All the discussion I've seen seems to dance around this question. If someone could direct me to some existing documentation, if there is any, that would help, too. Thanks.

Knobkerrie answered 17/10, 2018 at 17:54 Comment(0)

localStorage is for keeping data for the use in the browser across sessions. For session data, one would use sessionStorage. None of the data stored there ever goes to the server without being explicitly posted.

Session data could also be stored on the server side by the container. The state can be identified in any of the standard ways of an HTTP header or a cookie. The developer may use a home grown implementation to hold the session identifier. If Spring Session is used for session management, then the eager developer would need to implement a custom session ID resolver.

Disini answered 25/10, 2018 at 21:5 Comment(4)

I had two specific questions, and I'm afraid I don't see how you answered either of them, although I do see that you found a parenthetical example and responded to that. It looks like this is one of those answers that "seems to dance around this question" as I mentioned in the description. :( – Knobkerrie 25/10, 2018 at 22:3

Please specify in greater detail your questions. Regarding the 1st, I do not see a restriction other types of session tracking. Although I did not see anyone implementing it differently. I searched github for implementations of HttpSessionIdResolver & couldn't find any. I assume this is a good test, since Spring is ubiquitous. For the 2nd, it appears you are mixing terms. For server side, sessionStorage, is a logical term for data kept throuought a session, which can be persisted in various backends: jdbc, files, memory, nosql. Did I understand your questions correctly? – Disini 28/10, 2018 at 12:40

"Are the latest Java EE technologies (Java EE 8) still restricted to cookies and URL rewriting for session tracking?" Yes or no? "I Googled around and couldn't find anything" isn't an answer—I Googled myself and couldn't find anything, which is why I'm asking the question. "Do the most recent Java EE APIs allow me to provide custom state management, e.g. override how the container finds state?" Do they, yes or no? If so, how do I do that? Don't get sidetracked on the sessionStorage part. Maybe I send it as an HTTP header from JavaScript. It was an example, and ancillary to the question. – Knobkerrie 29/10, 2018 at 15:20

You could use hidden form fields as well. And also, you could consider using a calmer tone in your responses. – Disini 1/11, 2018 at 6:10

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags