What is HttpSession?
HttpSession is a part of Java’s Servlet API that helps a web application temporarily store and remember user-specific data (like name, email, role, etc.) across multiple requests (pages).
Httpsession is used store data per user across multiple Http request(like web app remember a user's data while they move between pages)
.it helps for spring boot remember a user between requests/pages like a temporary memory for each logged in user.Httpsession is interface ,
memory Location: server side
Timeout duration: Default 30 min
Store format:key-value(string-object)
Real-life usage:Login.cart,dashboard,preferences.
when user login in , you can store their name in the session:
session.setAttribute("key", value);
session.setAttribute("username", "Prasanth");
Later, another method ,you can get it back:
String name = (String) session.getAttribute("username");
session.getAttribute("key");
- Even though user movers between pages, their name stays stored in the session , until that user log out or session expires.
why to use HttpSession?
Because Http is stateless -> like by default , each request does not remember anything about previous ones.
so we use HttpSession to:
useCase:-user login -> keep user info save across pages
shoppig cart -> store selected item temporarily.
preference -> store user setting ,them,laguage
Prevent re-login -> Avoid asking for details again and agian.
Why HttpSession Is Useful?
- Avoids using database for every small detail
- Works even if user switches pages
- Fast, lightweight, temporary (auto clears after timeout)
With Session?
- You log in once, and your info is remembered until you:
- Logout Or close the browser Or session times out
Stores data like:
- username
- user ID
- shopping cart
- user preference
Without Session?
- Every page would forget who you are.
- You’d have to log in again and again
Example:
- You visit a login page → enter name → click login
- The next page doesn't remember what you did earlier unless you store it (like using HttpSession)
Features of HttpSession:
- Stores user data => Temporarily stores data for each user (e.g., login info, cart)
- Unique per user => Each user gets a separate session
- Set & get values => You can store and retrieve values using setAttribute / getAttribute
- Auto session ID=>Automatically assigns a unique session ID to each user Secure Can be configured to expire or invalidate when needed.
Where is it stored?
- Data is stored on the server side (in RAM or temporary session storage)
- Only the session ID is sent to the client (browser) via a cookie.
Duration of Session (Timeout)
Type:-
- Default timeout=>Usually 30 minutes (can be changed in configuration)
- Manually expired =>You can call session.invalidate(); to end the session 3.Configurable Set time using session.setMaxInactiveInterval(600); // 10 min
Where it comes from?
-
HttpSession is an interface
Comes from the jakarta.servlet.http.HttpSession package
(Earlier it was javax.servlet.http.HttpSession)
How to use it?
// Store data
session.setAttribute("username", "Prasanth");
// Get data
String name = (String) session.getAttribute("username");
// Remove data
session.removeAttribute("username");
// Invalidate session
session.invalidate();
Top comments (0)