What is the difference between using getSession(true) and getSession(false) methods?

getSession(true): This method will check whether there is already a session exists for the user. If a session exists, it returns that session object. If a session does not already exist then it creates a new session for the user. 
getSession(false):  This method will check whether there is already a session exists for the user. If a session exists, it returns that session object. If a session does not already exist then it returns null. 

Sessions can be timed out (configured in web.xml) or manually invalidated. Hidden Fields on the pages can maintain state and they are not visible on the browser. The server treats both hidden and non-hidden fields the same way.  

 <INPUT type=”hidden” name=”firstName” value=”Ninja”> 
 <INPUT type=”hidden” name=”lastName” value=”Panda”> 

The disadvantage of hidden fields is that they may expose sensitive or private information to others. URL re-writing will append the state information as a query string to the URL. This should not be used to maintain private or sensitive information. 

 Http://MyServer:8080/MyServlet?firstName=Ninja&lastName=Panda 

Cookies: A cookie is a piece of text that a Web server can store on a user’s hard disk. Cookies allow a website to store information on a user’s machine and later retrieve it. These pieces of information are stored as name-value pairs. The cookie data moves in the following manner: 

  • If you type the URL of a website into your browser, your browser sends the request to the Web server. When the browser does this it looks on your machine for a cookie file that URL has set. If it finds it, your browser will send all of the name-value pairs along with the URL. If it does not find a cookie file, it sends no cookie data.
  • The URL’s Web server receives the cookie data and requests for a page. If name-value pairs are received, the server can use them. If no name-value pairs are received, the server can create a new ID and then sends name-value pairs to your machine in the header for the Web page it sends. Your machine stores the name value pairs on your hard disk. 

Cookies can be used to determine how many visitors visit your site. It can also determine how many are new versus repeated visitors. The way it does this is by using a database. The first time a visitor arrives; the site creates a new ID in the database and sends the ID as a cookie. The next time the same user comes back, the site can increment a counter associated with that ID in the database and know how many times that visitor returns. The sites can also store user preferences so that the site can look different for each visitor. 

How can you set a cookie and delete a cookie from within a Servlet?

//to add a cookie 
Cookie myCookie = new Cookie(“aName”, “aValue”); response.addCookie(myCookie); 
 
//to delete a cookie 
myCookie.setValue(“aName”, null); 
myCookie.setMax(0); 
myCookie.setPath(“/”); 
response.addCookie(myCookie); 
J2EE Servlet