Session Management in Java
Last Updated :
02 Aug, 2025
Session Management is the process of tracking and storing user preferences and activities during their visit to a website or application. It helps maintain continuity until the user logs out or the session expires, avoiding the need to re-enter preferences repeatedly.
What is a Session?
A session stores user data on the server temporarily, starting when the user logs in and ending when they log out or close the browser. This data is accessible across different pages using a unique session ID and is securely stored in a format that can only be decoded by the server.
Why Session Management is Important
Session management is essential for both functionality and security in web applications. Here's why:
- It securely stores user credentials (often encrypted) to support features like auto-login.
- Sensitive data can be stored safely due to encryption.
- Sessions allow faster response times by quickly accessing temporary data.
- They help restrict access from unauthorized sources, enhancing application and network security.
Role of Cookies and Other Tracking Mechanisms
Cookies and tracking mechanisms are essential for session management. They help websites recognize users, store preferences and ensure secure, personalized experiences.
1. Session Cookies
- Purpose: Manage temporary session data like login status.
- How it works: A unique session ID is created and stored in a cookie when the user logs in.
- Expiry: Automatically deleted when the browser is closed.
- Use: Supports auto-login during a session without re-entering credentials.
2. Persistent Cookies
- Purpose: Store user preferences and settings long-term.
- How it works: Remains stored on the user’s device even after the browser is closed.
- Use: Enables personalized experiences across multiple visits.
3. Tracking Mechanisms
- User Tracking: JavaScript or tracking pixels monitor user behavior for analytics and improved UX.
- Third-Party Cookies: Set by external domains for cross-site tracking and targeted advertising.
4. Security Measures
- CSRF Tokens: Prevent unauthorized actions by storing anti-CSRF tokens in cookies.
- Secure & HttpOnly Flags:
- Secure: Ensures cookies are only sent over HTTPS.
- HttpOnly: Prevents client-side scripts from accessing the cookie, reducing attack risks.
How to Get a Session?
- In Java Servlets, sessions are managed using the HttpSession object.
- HttpSession is part of the javax.servlet.http package.
- It allows tracking the client's session and storing user information.
- Used to store and retrieve attributes across multiple client requests.
- Helps manage session state and user data efficiently.
Retrieving HttpSession in Servlets
1. Use request.getSession() to get the current session or create a new one if it doesn't exist.
HttpSession session = request.getSession();
2. Use request.getSession(true) to force creation of a new session if none exists.
HttpSession session = request.getSession(true);
3. Use request.getSession(false) to fetch an existing session only (returns null if none exists).
HttpSession session = request.getSession(false);
Common Methods
1. setAttribute(String name, Object value)
This associates the specified value to the specified name in a particular session. This can be used to store data that needs to be managed across multiple requests.
HttpSession session = request.getSession(); session.setAttribute("username", "GFG");
2. getAttribute(String name)
Returns the value which is associated with the specified name in the particular session. This is used to retrieve previously stored session attributes.
HttpSession session = request.getSession(); String username = (String) session.getAttribute("username");
3. removeAttribute(String name)
It removes the attribute with the specified name from the session.
HttpSession session = request.getSession(); session.removeAttribute("username");
4. invalidate()
Once the services are completed, it is necessary to destroy the session object. The syntax follows.
HttpSession session = request.getSession(); session.invalidate();
Example
Java
import javax.servlet.http.*;
@WebServlet("/api")
public class GFG extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response) {
// Retrieve the HttpSession object
HttpSession session = request.getSession();
// Use HttpSession methods
session.setAttribute("username", "GFG");
String value = (String) session.getAttribute("username");
}
}
Explanation: In the above example, the getSession() method is called on the HttpServletRequest object to retrieve the HttpSession. Once you have the HttpSession object, you can use its methods to set and retrieve session attributes.
Session Tracking Mechanisms in Servlets
To maintain the session between a web server and a web client, following methods can be used.
1. Cookies
- The server assigns a unique session ID to the client in the form of a cookie.
- On subsequent requests, the client sends this cookie, helping the server identify the session.
- This approach is browser-dependent and may not work if cookies are disabled or blocked.
- Syntax example:
Cookie cookie = new Cookie("sessionId", "123456");
response.addCookie(cookie);
- The server embeds a hidden input field with a session ID in the HTML form:
<input type = "hidden" name = "sessionId" value = "12345">
- This sends the session ID with each form submission, allowing the server to track the session.
- It works only with form submissions, not with standard hyperlinks (<a href="">), Hence, it’s not suitable for general session tracking.
3. URL Rewriting
- The session ID is appended to the URL as a query parameter.
- This helps the server identify the session and process the client’s request.
- Works independently of browser settings (unlike cookies).
- Not suitable for static pages as URLs are generated dynamically.
Example:
String urlWithSessionId = response.encodeURL("/api");
Session Lifecycle
The stages which a user session goes through right from its creation to its eventual expiration completes the session lifecycle. In the context of web applications, the lifecycle involves the management of user-specific data across multiple session requests. The key stages involved in the session lifecycle are described below.
1. Session Creation
- Trigger: The session is created when the user logs into the application for the initial time.
- Action: The servlet container creates a new session for the user using HttpSession attribute when the user logs in the platform for the first time. As no existing session is associated with the user, it creates a new one and generates a session ID which is stored as a cookie on the client's browser based on the system requirements.
2. Attribute Setting
- Trigger: Once the session is created, the required attributes are set on the session using the servlets or the JSP page.
- Action: The required attribute are named and stored using the setAttribute method of the HttpSession object which makes sure that this can be use across multiple locations.
Example:
HttpSession session = request.getSession();
session.setAttribute("username", "GFG");
3. Client Interaction
- Trigger: The user interacts with the web application, making additional requests.
- Action: The session ID is now associated with each successive request, allowing the servlet container to map the request with the correct session. To retrieve the attributes associated to the particular session, use getAttribute method.
Example:
HttpSession session = request.getSession();
String username = (String) session.getAttribute("username");
4. Session Invalidation
- Trigger: The session can be invalidated explicitly by the application or automatically based on certain criteria as per the system requirements.
- Action: We can invoke invalidate method to remove all the session attributes associated with that particular session. Further we can use a timeout concept which will invalidate the sessions automatically after a specified period of inactivity.
HttpSession session = request.getSession(); session.invalidate();
5. Session Expiration
- Trigger: We can set the session timeout, which is a defined maximum time of existence.
- Action: Once the browsing is completed, we can remove the data and the user's preference based on the maximum inactive time interval.
HttpSession session = request.getSession();
// Session will be invalidated after 30 minutes of inactivity session.setMaxInactiveInterval(1800);
Example of Session Management
Below example demonstrates creating a session, setting and retrieving attributes and finally, invalidating the session.
Java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@WebServlet("/api")
public class GFG extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// Get the HttpSession object. If it doesn't exist, a new one will be created.
HttpSession session = request.getSession();
// Set a session attribute
session.setAttribute("username", "GFG");
// Retrieve the session attribute
String username = (String) session.getAttribute("username");
// Display the attribute value in the response
response.getWriter().println("Username from Session: " + username);
// Invalidate the session after displaying the attribute
session.invalidate();
}
}
Explaination of the above Example:
- A servlet named /api is created.
- When a user accesses the servlet, the doGet method is called which retrieves the existing HttpSession associated with the request or creates a new one if it doesn't exist using the request.getSession() method.
- The servlet sets a session attribute named "username" to the value "GFG" using session.setAttribute.
- It retrieves the "username" attribute from the session using session.getAttribute and prints it in the HTTP response.
- Finally, the session.invalidate() method is called to invalidate the session.
Similar Reads
Java Tutorial Java is a high-level, object-oriented programming language used to build web apps, mobile applications, and enterprise software systems. Known for its Write Once, Run Anywhere capability, which means code written in Java can run on any device that supports the Java Virtual Machine (JVM).Syntax and s
10 min read
Basics
Introduction to JavaJava is a high-level, object-oriented programming language developed by Sun Microsystems in 1995. It is platform-independent, which means we can write code once and run it anywhere using the Java Virtual Machine (JVM). Java is mostly used for building desktop applications, web applications, Android
4 min read
Java Programming BasicsJava is one of the most popular and widely used programming language and platform. A platform is an environment that helps to develop and run programs written in any programming language. Java is fast, reliable and secure. From desktop to web applications, scientific supercomputers to gaming console
4 min read
Java MethodsJava Methods are blocks of code that perform a specific task. A method allows us to reuse code, improving both efficiency and organization. All methods in Java must belong to a class. Methods are similar to functions and expose the behavior of objects.Example: Java program to demonstrate how to crea
7 min read
Access Modifiers in JavaIn Java, access modifiers are essential tools that define how the members of a class, like variables, methods, and even the class itself, can be accessed from other parts of our program. They are an important part of building secure and modular code when designing large applications. In this article
6 min read
Arrays in JavaIn Java, an array is an important linear data structure that allows us to store multiple values of the same type. Arrays in Java are objects, like all other objects in Java, arrays implicitly inherit from the java.lang.Object class. This allows you to invoke methods defined in Object (such as toStri
9 min read
Java StringsIn Java, a String is the type of object that can store a sequence of characters enclosed by double quotes and every character is stored in 16 bits, i.e., using UTF 16-bit encoding. A string acts the same as an array of characters. Java provides a robust and flexible API for handling strings, allowin
8 min read
Regular Expressions in JavaIn Java, Regular Expressions or Regex (in short) in Java is an API for defining String patterns that can be used for searching, manipulating, and editing a string in Java. Email validation and passwords are a few areas of strings where Regex is widely used to define the constraints. Regular Expressi
7 min read
OOPs & Interfaces
Classes and Objects in JavaIn Java, classes and objects are basic concepts of Object Oriented Programming (OOPs) that are used to represent real-world concepts and entities. A class is a template to create objects having similar properties and behavior, or in other words, we can say that a class is a blueprint for objects.An
10 min read
Java ConstructorsIn Java, constructors play an important role in object creation. A constructor is a special block of code that is called when an object is created. Its main job is to initialize the object, to set up its internal state, or to assign default values to its attributes. This process happens automaticall
10 min read
Java OOP(Object Oriented Programming) ConceptsBefore Object-Oriented Programming (OOPs), most programs used a procedural approach, where the focus was on writing step-by-step functions. This made it harder to manage and reuse code in large applications.To overcome these limitations, Object-Oriented Programming was introduced. Java is built arou
10 min read
Java PackagesPackages in Java are a mechanism that encapsulates a group of classes, sub-packages and interfaces. Packages are used for: Prevent naming conflicts by allowing classes with the same name to exist in different packages, like college.staff.cse.Employee and college.staff.ee.Employee.They make it easier
8 min read
Java InterfaceAn Interface in Java programming language is defined as an abstract type used to specify the behaviour of a class. An interface in Java is a blueprint of a behaviour. A Java interface contains static constants and abstract methods. Key Properties of Interface:The interface in Java is a mechanism to
11 min read
Collections
Exception Handling
Java Exception HandlingException handling in Java is an effective mechanism for managing runtime errors to ensure the application's regular flow is maintained. Some Common examples of exceptions include ClassNotFoundException, IOException, SQLException, RemoteException, etc. By handling these exceptions, Java enables deve
8 min read
Java Try Catch BlockA try-catch block in Java is a mechanism to handle exceptions. This make sure that the application continues to run even if an error occurs. The code inside the try block is executed, and if any exception occurs, it is then caught by the catch block.Example: Here, we are going to handle the Arithmet
4 min read
Java final, finally and finalizeIn Java, the keywords "final", "finally" and "finalize" have distinct roles. final enforces immutability and prevents changes to variables, methods, or classes. finally ensures a block of code runs after a try-catch, regardless of exceptions. finalize is a method used for cleanup before an object is
4 min read
Chained Exceptions in JavaChained Exceptions in Java allow associating one exception with another, i.e. one exception describes the cause of another exception. For example, consider a situation in which a method throws an ArithmeticException because of an attempt to divide by zero.But the root cause of the error was an I/O f
3 min read
Null Pointer Exception in JavaA NullPointerException in Java is a RuntimeException. It occurs when a program attempts to use an object reference that has the null value. In Java, "null" is a special value that can be assigned to object references to indicate the absence of a value.Reasons for Null Pointer ExceptionA NullPointerE
5 min read
Exception Handling with Method Overriding in JavaException handling with method overriding in Java refers to the rules and behavior that apply when a subclass overrides a method from its superclass and both methods involve exceptions. It ensures that the overridden method in the subclass does not declare broader or new checked exceptions than thos
4 min read
Java Advanced
Java Multithreading TutorialThreads are the backbone of multithreading. We are living in the real world which in itself is caught on the web surrounded by lots of applications. With the advancement in technologies, we cannot achieve the speed required to run them simultaneously unless we introduce the concept of multi-tasking
15+ min read
Synchronization in JavaIn multithreading, synchronization is important to make sure multiple threads safely work on shared resources. Without synchronization, data can become inconsistent or corrupted if multiple threads access and modify shared variables at the same time. In Java, it is a mechanism that ensures that only
10 min read
File Handling in JavaIn Java, with the help of File Class, we can work with files. This File Class is inside the java.io package. The File class can be used to create an object of the class and then specifying the name of the file.Why File Handling is Required?File Handling is an integral part of any programming languag
6 min read
Java Method ReferencesIn Java, a method is a collection of statements that perform some specific task and return the result to the caller. A method reference is the shorthand syntax for a lambda expression that contains just one method call. In general, one does not have to pass arguments to method references.Why Use Met
9 min read
Java 8 Stream TutorialJava 8 introduces Stream, which is a new abstract layer, and some new additional packages in Java 8 called java.util.stream. A Stream is a sequence of components that can be processed sequentially. These packages include classes, interfaces, and enum to allow functional-style operations on the eleme
15+ min read
Java NetworkingWhen computing devices such as laptops, desktops, servers, smartphones, and tablets and an eternally-expanding arrangement of IoT gadgets such as cameras, door locks, doorbells, refrigerators, audio/visual systems, thermostats, and various sensors are sharing information and data with each other is
15+ min read
JDBC TutorialJDBC stands for Java Database Connectivity. JDBC is a Java API or tool used in Java applications to interact with the database. It is a specification from Sun Microsystems that provides APIs for Java applications to communicate with different databases. Interfaces and Classes for JDBC API comes unde
12 min read
Java Memory ManagementJava memory management is the process by which the Java Virtual Machine (JVM) automatically handles the allocation and deallocation of memory. It uses a garbage collector to reclaim memory by removing unused objects, eliminating the need for manual memory managementJVM Memory StructureJVM defines va
4 min read
Garbage Collection in JavaGarbage collection in Java is an automatic memory management process that helps Java programs run efficiently. Java programs compile to bytecode that can be run on a Java Virtual Machine (JVM). When Java programs run on the JVM, objects in the heap are created, which is a portion of memory dedicated
7 min read
Memory Leaks in JavaIn programming, a memory leak happens when a program keeps using memory but does not give it back when it's done. It simply means the program slowly uses more and more memory, which can make things slow and even stop working. Working of Memory Management in JavaJava has automatic garbage collection,
3 min read
Practice Java
Java Interview Questions and AnswersJava is one of the most popular programming languages in the world, known for its versatility, portability, and wide range of applications. Java is the most used language in top companies such as Uber, Airbnb, Google, Netflix, Instagram, Spotify, Amazon, and many more because of its features and per
15+ min read
Java Programs - Java Programming ExamplesIn this article, we will learn and prepare for Interviews using Java Programming Examples. From basic Java programs like the Fibonacci series, Prime numbers, Factorial numbers, and Palindrome numbers to advanced Java programs.Java is one of the most popular programming languages today because of its
8 min read
Java Exercises - Basic to Advanced Java Practice Programs with SolutionsLooking for Java exercises to test your Java skills, then explore our topic-wise Java practice exercises? Here you will get 25 plus practice problems that help to upscale your Java skills. As we know Java is one of the most popular languages because of its robust and secure nature. But, programmers
7 min read
Java Quiz | Level Up Your Java SkillsThe best way to scale up your coding skills is by practicing the exercise. And if you are a Java programmer looking to test your Java skills and knowledge? Then, this Java quiz is designed to challenge your understanding of Java programming concepts and assess your excellence in the language. In thi
1 min read
Top 50 Java Project Ideas For Beginners and Advanced [Update 2025]Java is one of the most popular and versatile programming languages, known for its reliability, security, and platform independence. Developed by James Gosling in 1982, Java is widely used across industries like big data, mobile development, finance, and e-commerce.Building Java projects is an excel
15+ min read