tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <>
Subject Re: Difference between org.apacha.catalina.Session and javax.servlet.http.HttpSession
Date Wed, 07 Nov 2007 02:40:47 GMT

>"Bárbara Vieira" <> wrote in message 
>Hi there!
>This question is about Tomcat's Architecture and CoyoteConnectors.
>I would like to know the difference between
>Session(org.apacha.catalina.Session) and
>HttSession(javax.servlet.http.HttpSession) objects.

The Session is Tomcat's internal representation of the data that the webapp 
will see in the HttpSession.  It more or less acts as the storage for the 
information in the HttpSession.  In particular, if the session is 
passivated, it is the Session object that is written out.  What happens is 
that the HttpSession instance has a reference to the Session and for the 
most part calls methods on the Session to implement it's own methods.  In 
most configurations, the concrete class implementing the Session interface 
is o.a.c.session.StandardSession, and the concrete class implementing 
HttpSession is o.a.c.session.StandardSessionFacade.  Looking at those 
classes should clear up the relationship between the two interfaces.

>In Request(org.apache.catalina.connector.Request) object  I get HttpSession
>- request.getSession()  and Session - request.getSessionInternal() objects,
>but I don't know the difference between this objects on Tomcat's
>Architecture.  I suppose that this objects represents different sessions in
>my Web Application, but this doesn't make sense, because each Web
>Application just have one session scope.

This represents the session that is particular to this particular Request. 
However, if you have access to the Session, you can poke around at other 
people's sessions as well.

>I know that HttpSession is available from Session object -

This is what the Request calls to get the HttpSession that it returns to the 
calling webapp.

>Another question about it is that, when I invalidate the HttpSession, am I
>invalidating Session object too?

Yes you are.

>Thanks for help me,
>Regards from Braga, Portugal
>Bárbara Vieira

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message