问题
HttpSession is a high level interface built on top of cookies and url-rewriting, which means that there is only a session ID is stored in client side and the data associated with it is stored in server side.
Where is the HttpSession data actually stored in the server side? In the JVM memory or somewhere else? Can I change the place where to store it, e.g. save them into an in-memory database?
If it's not in a database, is there any concurrency problem when many clients work on the same session data at the same time?
回答1:
It's up to the server where to store session data; the ones I'm familiar with allow some level of configuration as to where (disk, DB, memory, ...) session data is stored.
Different clients shouldn't be working on the same session data--session data is per-client. That said, a single client (like a web browser) could have multiple windows or tabs open, and yes, that can cause issues.
Clustering adds a layer of complexity/headache as session data is shared between servers.
来源:https://stackoverflow.com/questions/7885525/where-is-the-httpsession-data-stored