HTTP Session in Spring

Overview

An HTTP session is a server-side mechanism used to store information that maintains state between the client and server across multiple requests. In the context of Spring, a session-scoped bean is linked to the HTTP session, allowing data to be stored and shared across multiple requests from the same client during their session. This is particularly useful in web applications where user-specific data needs to be preserved across different interactions with the server.

Definition

The HTTP session allows a server to store data between multiple request-response interactions with the same client. It uses a unique session ID to identify the client and associate it with a memory location in the application. This mechanism ensures that the server can recognize returning clients and maintain continuity in their interactions.

Figure C.4 The HTTP session mechanism. The server identifies the client with a unique session ID it generates. The client sends the session ID in the next requests, so the backend app knows which memory location it reserved earlier for the client. Figure C.4 The HTTP session mechanism. The server identifies the client with a unique session ID it generates. The client sends the session ID in the next requests, so the backend app knows which memory location it reserved earlier for the client.

Session-Scoped Beans

In Spring, a session-scoped bean is an object managed by the framework, where Spring creates an instance and links it to the HTTP session. This instance can be reused for the same client while the HTTP session is active. The data stored in the session-scoped bean attribute is available for all the client’s requests throughout an HTTP session. This approach allows you to store information about user activities while they navigate through the pages of your application.

[Figure 9.8](https://livebook.manning.com/spring-start-here/chapter-9/figure--9-8) The session-scoped bean is used to keep a bean in the context throughout the client’s full HTTP session. Spring creates an instance of a session-scoped bean for each HTTP session a client opens. The client accesses the same instance for all the requests sent through the same HTTP session. Each user has their own session and accesses different instances of the session-scoped bean. Figure 9.8 The session-scoped bean is used to keep a bean in the context throughout the client’s full HTTP session. Spring creates an instance of a session-scoped bean for each HTTP session a client opens. The client accesses the same instance for all the requests sent through the same HTTP session. Each user has their own session and accesses different instances of the session-scoped bean.

Creating a Session-Scoped Bean

Creating a session-scoped bean in Spring is straightforward with the @SessionScope annotation. Below is an example of defining a session-scoped bean to keep logged user details:

Listing 9.5 Defining a session-scoped bean to keep the logged user details

@Service                                    // #1
@SessionScope                               // #2
public class LoggedUserManagementService {
 
  private String username;
 
  // Omitted getters and setters
}
// #1 We add the @Service stereotype annotation to instruct Spring to manage this class as a bean in its context.
// #2 We use the @SessionScope annotation to change the scope of the bean to session.

In this example, every time a user successfully logs in, their username is stored in the username attribute of the LoggedUserManagementService bean. This value is accessible throughout the entire HTTP session, allowing the application to recognize if someone is logged in and who they are.

Use Cases

A common use case for HTTP sessions is the cart functionality of an online shop, where the server needs to remember the products added by a client across multiple requests. Another example is managing user authentication and access control within a web application.

[Figure 9.11](https://livebook.manning.com/spring-start-here/chapter-9/figure--9-11) The login flow implemented in the example. When the user submits their credentials, the login process begins. If the user's credentials are correct, the username is stored in the session-scoped bean, and the app redirects the user to the main page. If the credentials are not valid, the app redirects the user back to the login page and displays a failed login message. Figure 9.11 The login flow implemented in the example. When the user submits their credentials, the login process begins. If the user’s credentials are correct, the username is stored in the session-scoped bean, and the app redirects the user to the main page. If the credentials are not valid, the app redirects the user back to the login page and displays a failed login message.

Comparison with Request-Scoped Beans

While request-scoped beans create a new instance for every HTTP request, session-scoped beans create only one instance per HTTP session. This allows session-scoped beans to store data shared by multiple requests of the same client.

[Figure 9.9](https://livebook.manning.com/spring-start-here/chapter-9/figure--9-9) A comparison between the request-scoped and session-scoped beans to help you visualize the differences between these two web bean scopes. You use request-scoped beans when you want Spring to create a new instance for each request. You use a session-scoped bean when you want to keep the bean (together with any details it holds) throughout the client’s HTTP session. Figure 9.9 A comparison between the request-scoped and session-scoped beans to help you visualize the differences between these two web bean scopes. You use request-scoped beans when you want Spring to create a new instance for each request. You use a session-scoped bean when you want to keep the bean (together with any details it holds) throughout the client’s HTTP session.

FAQ (Frequently asked questions)

What is an HTTP session in the context of a Spring web app?

An HTTP session is a server-side storage of information used to maintain state between the client and server across multiple requests. In Spring, a session-scoped bean is linked to the HTTP session, allowing data to be stored and shared across multiple requests from the same client during their session.

How does a session-scoped bean work in a Spring web app?

A session-scoped bean is used to keep a bean in the context throughout the client’s full HTTP session. Spring creates an instance of a session-scoped bean for each HTTP session a client opens. The client accesses the same instance for all the requests sent through the same HTTP session, and each user has their own session and accesses different instances of the session-scoped bean.

How does an HTTP session store data between requests?

An HTTP session uses a unique session ID to identify the client and associate it with a memory location in the app, allowing the server to store data between multiple request-response interactions with the same client.

How does the server identify a client in an HTTP session?

The server identifies the client with a unique session ID it generates. The client sends the session ID in subsequent requests, so the backend app knows which memory location it reserved earlier for the client.

What is an example of an HTTP session in use?

An example of an HTTP session is the cart functionality of an online shop, where the server needs to remember the products added by a client across multiple requests.

sitemap

Unable to load book!

The book could not be loaded.

(try again in a couple of minutes)

manning.com homepage
test yourself with a liveTest