Java EE (Java Enterprise Edition) General Discussion

Where are HttpSession attributes stored, browser or server?

Zhang Zhongyi, Jun 15 2013 — edited Jul 5 2013

I am wondering where the attributes I put into the HttpSession are stored.

For example, if I do the following:

    HttpSession session = request.getSession();
    session.setAttribute("usr", usr);
    session.setAttribute("pwd", pwd);

where is the ("pwd", pwd) pair stored?

In my case, my web application needs to use the usr and pwd to log in to another application, so I have to store them somewhere. So, for security reasons, if the pwd is kept on the browser side, I need to encrypt it first before I put it in the session. On the other hand, if it is stored in server memory, then encryption does not seem necessary. Can anyone give me some reference on this matter?
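
An added example, not part of the original post: a minimal servlet that stores the same two attributes and prints what the container holds next to the cookies the browser sends back. It assumes a Servlet 3.0+ container (javax.servlet API); the class name, URL pattern and sample values are hypothetical. HttpSession attributes live in the servlet container, and the browser receives only the session id cookie (JSESSIONID by default).

```java
// Added example, not from the original post. Assumes a Servlet 3.0+ container;
// the class name and URL pattern are hypothetical.
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Collections;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

@WebServlet("/session-demo")
public class SessionDemoServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        HttpSession session = request.getSession();
        // Constructed sample values; a real application takes these from its login step.
        session.setAttribute("usr", "demo-user");
        session.setAttribute("pwd", "demo-password");

        response.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = response.getWriter();

        // Held by the container and looked up by session id on each request.
        // Only the names are printed; the values never leave the server here.
        out.println("New session: " + session.isNew());
        out.println("Attribute names on the server: "
                + Collections.list(session.getAttributeNames()));

        // What the browser actually sent. On the second request this lists the
        // session cookie (JSESSIONID by default) and no usr or pwd cookie.
        out.println("Cookies sent by the browser:");
        Cookie[] cookies = request.getCookies(); // null when none were sent
        if (cookies == null) {
            out.println("  (none yet, reload the page)");
            return;
        }
        for (Cookie c : cookies) {
            out.println("  " + c.getName());
        }
    }
}
```

A container may still serialize sessions to disk or replicate them to other nodes, so a password kept as a session attribute can leave process memory even though it is never sent to the browser.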

Locked on Aug 2 2013
Added on Jun 15 2013