cookie vs httpsesion object

Hi,

which option is better in maintaing the sesion in a real time application.

cookies or session object ?

site will be having large no.of hits and will be deployed under a clustered environment.

thanks,
neeraj.

Well, an HttpSession is the server side component available in the Servlet and JSP API, and it's the one that pretty much every large site uses, so simply 'majority rules' would indicate the HttpSession.

But an HttpSession often uses a cookie on the client to plant an ID, so in most cases, they are part of the same solution, unless you are using URLRewriting.

Use the HttpSession. Don't mess around too much with cookies.

-Cameron McKenzie

The only case in which I would even consider cookie(s) over a session would be if the "user state" to be preserved could be represented very compactly in short string(s) AND exposing the contents did not constitute a security problem. There are big limitations on how much cookies can store - search for rfc2965.

Bill

Hello,

Thanks for your inputs. If it is possible, please provide some more justification for using httpsession object over cookie.

thanks,
neeraj.

Why do I feel like I'm answering somebody's homework assignment?

Let's put it back on you. Why would you want to use a cookie, when the Servlet and JSP API provides you a much easier and reliable HttpSession?

-Cameron McKenzie