Where session variable is stored in java web application

Question

1 - Where session variables is stored in java web application ? on the client or the server side ?

2 - If i put a lot of objects and variables through the session it will slow down client's requests ?

P.S In my case i use spring mvc.

Answer 1

Simple answer is : your session data are stored on the server side.

Web browser will get only an string id to identify it's session.

In fact, spring security takes more care of session information, because if users even don't login, session may not exist at all.

When I use spring mvc only, I don't use session to store important data, because session is stored in memory only. It is designed to save data temporarily.

When I use spring security, I have to save many important things in memory, such as account data which could not be transmitted on internet, and I won't load them from database every time. So I have to choose session.

So when the server which stored login session is down, all users have logged in on this server would have to relogin to retrieve another session id.

Session is not always the best choice, because when we have many servers that use session data, I have to share the data among all servers, anyway, net IO is expensive for servers.

Answer 2

The "session" variable consists of two pieces, a very small session identifier which is stored on the client usually named jSessionId and stored as a cookie. But, the sessionId may also be encoded into URLs.

The second piece of a session is the actual data, and it is stored on the server. Possibly in a server-side database if the your server is part of a multi-server cluster. Each session is identified by that sessionId and the client sends it with every request. That is why it is designed to be very small.

Answer 3

1.it stored on server 2.Session stored on server ,so the Object you set in it may also stored on server.Request only send a SessionId to server to indentify this users Session to other users Session.