|
This question is appropriate for anyone who has spent time
designing or architecting web applications. Candidates with
correct answers will have one or more web applications under
their belt, with at least 3-5 years of general technical experience.
It is designed to assess both an understanding of web contexts,
experience with web applications, and experience with architectural
choices. The question can also be adapted to other web application
environments, such as Cold Fusion with the Cold Fusion Application
Server and ASP with IIS.
What
type of information is appropriate to be stored in the session
context of a web application managed by a J2EE Web Container,
and why?
Answer:
The session context is used to store any objects that need
to be kept in between invocations of web pages. Among other
things, a web container (formerly called a servlet container,
or servlet engine) in an application server provides services
to track stateful sessions, because web pages in and of
themselves are stateless. Information commonly cached in
the session is user profile type information, such as name,
login id and user preferences. Other valid answers will
include authorization or security information, shopping
cart contents, and clickstream data, although it should
be noted that it is just as valid to store these categories
of information in more persistent storage, such as a database,
depending on the architectural goals of the system. If the
candidate gives examples of different information, ask for
reasons to support their choices.
Table 1. J2EE Server and Containers (http://java.sun.com/j2ee/tutorial/doc/Overview3.html)
The information stored in the session is typically related
to the user - any data or object that needs to be shared across
all users of the site should be stored at the application
context.
Candidates
will often have strong feelings about what type of information
works well in different contexts. A passionate answer is a
great sign! It usually means they have learned this the hard
way.
A sign of experience - an experienced candidate will mention
issues surrounding session size, session persistence, and/or
destroying of the session objects. These can often be "gotchas"
in larger applications.
Partially Correct:
A candidate may
state that form data should be stored in the session. Form
data is passed to the application server via the request context
and is typically acted upon during a single invocation, and
is not stored in the session. However, 'An exception to this
would be multi-page forms, such as "wizards", and some shopping
cart applications.
Bonus
Points:
There is overhead
associated with maintaining data in the session context. In
general, it is better to use lightweight object or primitives'.
Double
Bonus Points:
Any candidate who
mentions issues surrounding clustering application servers.
For example, in order to support in-memory replication for
HTTP session states in Weblogic Application Server 5.1, all
servlet and JSP session data must be serializable.
JNDI may be used
as an alternative to placing all objects in the session context.
A developer can develop a scheme to pass tokens back and forth
and have the server look up the objects on a JNDI tree.
About the author
Tracey Somo is a Principle Architect with Relera, Inc. She
has 10 years experience in software development across a diverse
range of industries. She has been involved in applying cutting
edge technologies to business applications early in the technology
cycle to provide a competitive edge. She currently specializes
in Internet architecture and Enterprise Application Integration.
|
