Interview Questions


Session and Cookies

Posted by ananddesai on January 14, 2008


Definition: A cookie is information that a website puts on your hard disk so that it can remember something about you at a later time. (More technically, it is information for future use that is stored by the server on the client side of a client/server communication.)

In short, a cookie is the client’s information for a particular site, stored on the client’s PC.

Typically, a cookie records your preferences when using a particular site. Using the Web’s Hypertext Transfer Protocol (HTTP), each request for a Web page is independent of all other requests. For this reason, the Web page server has no memory of what pages it has sent to a user previously or anything about your previous visits. A cookie is a mechanism that allows the server to store its own information about a user on the user’s own computer.

Procedure: The following steps show how cookies work.

  1. When you visit a site, the server for that site stores information (the user name, or simply the physical address of the user’s PC) in one text file. To get it, the site may ask you to fill in details about yourself, or it can simply fetch the physical address of your computer.
  2. The server sends this file to the client along with the web page, and the file is saved on the client’s PC.
  3. When the user visits that website again, the cookie file is sent to the server along with the web page request.
  4. From that file, the website’s server can identify that particular user and carry out further processing (e.g. prepare a customized web page for that user) using that information.

Example: The best example of how cookies work is the “iGoogle” website. Follow these steps to see it:

  1. Visit
  2. Click the ‘iGoogle’ link at the top-right of the page. You will see a customized Google page. (When you click this link, the physical address of your PC is stored on Google’s server. Mind you, it is the physical address, which always remains unique, while the IP address of your PC may change.)
  3. You can customize that page according to your needs; the page information is saved in one text file and sent back to the client’s PC.
  4. Close that window.
  5. Go to IE again and visit You will see the customized page you created before. This is because when you visit the same page again, your PC also sends that cookie with the web page request. Google’s server reads that file, learns that this client has a customized page, and sends that customized page instead of the normal page.

(Clear cookies from your pc and visit the same page and see what happens!!!!!!)

Types of Cookies:

Session cookie: Also called a transient cookie, a cookie that is erased when you close the Web browser. The session cookie is stored in temporary memory and is not retained after the browser is closed. Session cookies do not collect information from your computer. They typically will store information in the form of a session identification that does not personally identify the user.

Persistent cookie: Also called a permanent cookie, or a stored cookie, a cookie that is stored on your hard drive until it expires (persistent cookies are set with expiration dates) or until you delete the cookie. Persistent cookies are used to collect identifying information about the user, such as Web surfing behavior or user preferences for a specific Web site.
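The round trip from the procedure above, together with the two cookie types, as an added Python example that is not part of the original post. The cookie names and values are constructed, and a real browser's cookie handling is reduced to a small hypothetical `Browser` class.

```python
from http.cookies import SimpleCookie

def build_set_cookie_headers():
    """Server, first visit: one session cookie and one persistent cookie."""
    c = SimpleCookie()
    c["visit_id"] = "v-1001"                 # constructed value; no lifetime set
    c["theme"] = "dark"                      # constructed value
    c["theme"]["max-age"] = 30 * 24 * 3600   # lifetime set -> persistent cookie
    for name in c:
        c[name]["path"] = "/"
        c[name]["httponly"] = True           # keep page scripts from reading it
    return [m.OutputString() for m in c.values()]

class Browser:
    """Minimal client-side cookie jar (a stand-in for a real browser)."""
    def __init__(self):
        self.jar = {}                        # name -> (value, is_persistent)

    def receive(self, set_cookie_headers):
        for header in set_cookie_headers:
            parsed = SimpleCookie()
            parsed.load(header)
            for name, morsel in parsed.items():
                persistent = bool(morsel["max-age"] or morsel["expires"])
                self.jar[name] = (morsel.value, persistent)

    def cookie_header(self):
        """Cookie request header sent on the next visit to the site."""
        return "; ".join(f"{n}={v}" for n, (v, _) in sorted(self.jar.items()))

    def close(self):
        """Closing the browser erases session cookies only."""
        self.jar = {n: e for n, e in self.jar.items() if e[1]}

def server_read(cookie_header):
    """Server, later visit: recover what the client sent back."""
    parsed = SimpleCookie()
    parsed.load(cookie_header)
    return {name: m.value for name, m in parsed.items()}

if __name__ == "__main__":
    b = Browser()
    b.receive(build_set_cookie_headers())
    print(server_read(b.cookie_header()))    # both cookies come back
    b.close()
    print(server_read(b.cookie_header()))    # only the persistent one remains
```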


Definition: A session is information about a user that a website puts in its temporary memory so that it can remember something about you while you are visiting that site. (More technically, it is information for future use that is stored by the server on the server side of a client/server communication.)

In short, a session is the client’s information for a particular site, stored in the server’s temporary memory.

A session is also the period of time a user interfaces with an application. The user session begins when the user accesses the application and ends when the user quits the application. The number of user sessions on a site is used in measuring the amount of traffic a website gets. The site administrator determines what the time frame of a user session will be (e.g., 30 minutes). If the visitor comes back to the site within that time period, it is still considered one user session because any number of visits within those 30 minutes will only count as one session. If the visitor returns to the site after the allotted time period has expired, say an hour from the initial visit, then it is counted as a separate user session. Contrast with unique visitor, hit, click-through and page view, which are all other ways that site administrators measure the amount of traffic a Web site gets.

Example: When you visit , you have to enter your account ID and password first. That information is verified on the server and stored on the server in the session for as long as that user is logged on.

What is the difference between session and cookie?

If you set the variable to “cookies”, then your users will not have to log in each time they enter your community.

The cookie will stay in place within the user’s browser until the user deletes it.

But sessions are popularly used, as there is a chance of your cookies getting blocked if the user’s browser security setting is set high.

If you set the variable to “sessions”, then user activity will be tracked using browser sessions, and your users will have to log in each time they re-open their browser. Additionally, if you are using the “sessions” variable, you need to secure the “sessions” directory, either by placing it above the web root or by requesting that your web host make it a non-browsable directory.

The key difference is that cookies are stored on your hard disk, whereas sessions are not. Sessions are basically like tokens, which are generated at authentication. A session is available as long as the browser is open.

  1) Sessions should work regardless of the settings in the client browser. Even if users decide to forbid cookies (through browser settings), sessions still work. There is no way to disable sessions from the client browser.
2) Sessions and cookies differ in the type and amount of information they are capable of storing.
The javax.servlet.http.Cookie class has a setValue() method that accepts Strings. javax.servlet.http.HttpSession has a setAttribute() method, which takes a String to denote the name and a java.lang.Object, which means that HttpSession is capable of storing any Java object. A Cookie can only store String objects.
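A server-side session with the 30-minute window described above, as an added Python example; it is not from the original post and is not the servlet API. `SessionStore`, its methods and the sample data are hypothetical: the client presents only an opaque ID string, while the server keeps arbitrary objects under that ID and expires them after the idle timeout.

```python
import secrets
import time

SESSION_TIMEOUT = 30 * 60        # seconds; the 30-minute window from the text

class SessionStore:
    """In-memory, server-side sessions keyed by a random session ID."""
    def __init__(self, clock=time.time):
        self._sessions = {}      # session id -> [last_seen, data dict]
        self._clock = clock      # injectable so expiry can be shown without waiting

    def create(self):
        sid = secrets.token_urlsafe(32)          # random, hard-to-guess ID
        self._sessions[sid] = [self._clock(), {}]
        return sid

    def get(self, sid):
        """Return the session's data dict, or None if unknown or expired."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None                          # never issued by this server
        if self._clock() - entry[0] > SESSION_TIMEOUT:
            del self._sessions[sid]              # idle too long: drop server state
            return None
        entry[0] = self._clock()                 # activity restarts the window
        return entry[1]

    def destroy(self, sid):
        """Logout: remove the server-side state immediately."""
        self._sessions.pop(sid, None)

def demo():
    now = [0.0]                                  # constructed clock, in seconds
    store = SessionStore(clock=lambda: now[0])
    sid = store.create()
    # The session can hold any object; the client only ever sees the string sid.
    store.get(sid)["cart"] = {"items": ["book", "pen"], "total": 12.5}
    now[0] += 20 * 60                            # returns within the window
    within = store.get(sid) is not None
    now[0] += 31 * 60                            # returns after the window
    after = store.get(sid)
    return within, after, store.get("forged-id")

if __name__ == "__main__":
    print(demo())
```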

