J2EE - Interview Questions and Answers on Session

Q1. What is the use of cookies and sessions, and what is the difference between them?

Ans. Cookies and sessions are both used to store user information: a cookie stores it on the client side, and a session stores it on the server side. Both are primarily used for authentication, user preferences, and carrying information across multiple requests. One more difference sets them apart: a cookie can store only textual information, whereas a session can store both textual information and objects.

Q2.  What is session tracking and how do you track a user session in servlets?

Ans. Session tracking is a mechanism that servlets use to maintain state about a series of requests from the same user across some period of time. The methods used for session tracking are:

User Authentication - occurs when a web server restricts access to some of its resources to only those clients that log in using a recognized username and password.

Hidden form fields - fields are added to an HTML form that are not displayed in the client's browser. When the form containing the fields is submitted, the fields are sent back to the server.

URL rewriting - every URL that the user clicks on is dynamically modified or rewritten to include extra information. The extra information can be in the form of extra path information, added parameters or some custom, server-specific URL change.

Cookies - a bit of information that is sent by a web server to a browser and which can later be read back from that browser.

HttpSession - places a limit on the number of sessions that can exist in memory.

Q3. What is the use of HttpSession in relation to the HTTP protocol?

Ans. The HTTP protocol on its own is stateless. HttpSession helps identify the relationship between multiple stateless requests that come from a single source.

Q4. Why is using a cookie to store session info a better idea than just using session info in the request?

Ans. Session info in the request can be intercepted and is hence a vulnerability. A cookie can be read and written only by its respective domain, which makes sure that the right session information is being passed by the client.
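
One way a servlet application can enforce the cookie-only choice described in Q4, so that the session ID is never carried in rewritten URLs. This is an added example, not part of the original answers; the class name is hypothetical, and it assumes a Servlet 3.0+ container and a site served over HTTPS.

```java
import java.io.IOException;
import java.util.EnumSet;
import javax.servlet.*;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example (hypothetical class name); requires a Servlet 3.0+ container.
@WebListener
public class CookieOnlySessionConfig implements ServletContextListener {

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        ServletContext ctx = sce.getServletContext();

        // Track sessions with the cookie only, so the container stops
        // appending ";jsessionid=..." to the URLs it rewrites.
        ctx.setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE));

        SessionCookieConfig cookie = ctx.getSessionCookieConfig();
        cookie.setHttpOnly(true); // cookie is not exposed to page script
        cookie.setSecure(true);   // cookie is sent over HTTPS only (assumption: TLS is in use)

        // Register the filter below for every request path.
        ctx.addFilter("rejectUrlSessionId", new RejectUrlSessionId())
           .addMappingForUrlPatterns(null, false, "/*");
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) { }

    // Defence in depth: refuse a request if the container reports that its
    // session ID came from the URL instead of the cookie.
    private static final class RejectUrlSessionId implements Filter {
        @Override public void init(FilterConfig cfg) { }
        @Override public void destroy() { }

        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest http = (HttpServletRequest) req;
            if (http.isRequestedSessionIdFromURL()) {
                ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }
            chain.doFilter(req, res);
        }
    }
}
```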

Q5. What are the different types of cookies?

Ans. Session cookies, which are deleted once the session is over.

Permanent cookies, which stay on the client PC even if the session is disconnected.

Q6. The HTTP protocol is by default ... ?

Ans. Stateless