Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

HttpSession safe

Tags:

security

servlets

session

httpsession

Where is servlet HttpSession stored?

Is it safe to store sensitive information in HttpSession attributes.

Can user maliciously modify session attributes?

like image 658
Jor Avatar asked Apr 29 '26 06:04

Jor

1 Answers

Where HttpSession is stored depends on the application server implementation and the configuration selected by the deployer. Usually it is stored in memory, but many application servers allow you to persist it in a database. In any case the session is stored in the server and not in the client.

If as user you mean the client, then it is impossible for him/her to modify it, as it is stored server-side.

like image 120
kgiannakakis Avatar answered Apr 30 '26 20:04

kgiannakakis
Sign in to Comment

Related questions

Making sure that a malicious apk isn't talking to my server
How to find and clean wordpress from script/s that changes your blog posts titles on Google and Yahoo with embarrassing "Viagra text"?
Same Origin Policy easily circumvented?
CSRF_COOKIE_SAMESITE equivalent for django 1.6.5

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!