custom state management for Java EE

Question

I've worked with Java EE (now Jakarta EE) since before it was named "EE" (i.e. servlets, etc.) but the last time I was deeply into session management was over 15 years ago. Now we have new technologies and trends such as the HTML5 Web Storage API and JSON Web Token (JWT). While one can debate the benefits of JWT for session tracking, there are some interesting benefits to keeping track of a session in a single tab using the sessionStorage.

So just to bring me up to speed:

• Are the latest Java EE technologies (Java EE 8) still restricted to cookies and URL rewriting for session tracking, and
• Do the most recent Java EE APIs allow me to provide custom state management, e.g. override how the container finds state (if I wanted to store a state identifier in sessionStorage instead of a cookie, for example)?

All the discussion I've seen seems to dance around this question. If someone could direct me to some existing documentation, if there is any, that would help, too. Thanks.

Answer 1

localStorage is for keeping data for the use in the browser across sessions. For session data, one would use sessionStorage. None of the data stored there ever goes to the server without being explicitly posted.

Session data could also be stored on the server side by the container. The state can be identified in any of the standard ways of an HTTP header or a cookie. The developer may use a home grown implementation to hold the session identifier. If Spring Session is used for session management, then the eager developer would need to implement a custom session ID resolver.