Session Related Interview Questions in Java

In this article, I am going to share session-related interview questions in Java that are frequently asked in interviews. You can expect many questions on this topic in an interview.

Q1. What is a Session?

  • A session is a period of time where the user sends multiple requests and receives multiple responses.
  • If you are developing any web application then a client may send multiple requests with some information.
  • The information sent by the client with one request cannot be accessed in another request.
  • A session spans the time from when the client first accesses the application until the client leaves the application.
  • If you want to access the data of one request into another request then you need to manage the SESSION.

Q2. How can you manage a session in a web application?
If you want to manage the session in a web application, you have to do two things.

    • Identify the client
    • Manage the conversational state (storing the client-specific information).

Q3. What is the use of Session id?
To identify the client as new or old, the container will use Session id.

Q4. What is the use of the HttpSession object?
The HttpSession object is used to store the client's conversational state or data.

Q5. How is the HttpSession object created?
The HttpSession object is created by the container when you call the getSession() method for the first time.
HttpSession session = request.getSession();

Q6. Explain how a session works?
The basic concept of a session is this: whenever a user starts using your application, we save unique identification information about that user in an object, which lives until it is destroyed. So wherever the user goes, we always have his information and can always manage which user is doing what. Whenever a user wants to exit from your application, destroy the object holding his information.

Q7. Explain the implementation inside the getSession() method?
class HttpServletRequestImpl implements HttpServletRequest
public HttpSession getSession()

  • Checks whether the incoming request contains the cookie with the name JSESSIONID or not.
  • If the incoming request contains the cookie with the name JSESSIONID, it collects the value of the cookie, which is the session id, and picks the session object related to that session id.
  • If the incoming request does not contain the cookie with the name JSESSIONID, the following steps will happen:
    1. Creates a session object. HttpSession session = request.getSession();
    2. Generates a unique session id. String id = <Hexadecimal_OF_ClientIPADD> + <Hexadecimal_OF_CurrentTimeStamp> + <Hexadecimal_OF_ServletTimeStamp>;
    3. Stores the session id in the session object. session.setId(id);
    4. Creates the cookie with the name JSESSIONID. Cookie c = new Cookie("JSESSIONID", id);
    5. Adds the cookie to the response object. response.addCookie(c);
  • Returns the session object.
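
The lookup steps above can be modelled in plain Java. This is an added example, not container source code and not code from the original article: ToySessionManager, Result and newId are hypothetical names, the cookie value is passed in as a plain string, and ids are drawn from SecureRandom rather than the IP/timestamp concatenation shown in step 2. It also covers a case the steps leave out: a JSESSIONID value the server does not know gets a fresh id instead of being adopted.

```java
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration of the getSession() steps; not container source code.
public class ToySessionManager {
    private static final SecureRandom RNG = new SecureRandom();
    // session id -> attributes (the "conversational state")
    private final Map<String, Map<String, Object>> sessions = new ConcurrentHashMap<>();

    /** Outcome of a lookup: the id in use and whether a new cookie must be sent. */
    static final class Result {
        final String id;
        final boolean isNew;
        Result(String id, boolean isNew) { this.id = id; this.isNew = isNew; }
    }

    // 128 random bits, hex encoded: not derivable from an IP address or a clock.
    static String newId() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        StringBuilder sb = new StringBuilder(32);
        for (byte b : raw) sb.append(String.format("%02X", b));
        return sb.toString();
    }

    /** cookieValue is the JSESSIONID sent by the client, or null if absent. */
    Result getSession(String cookieValue) {
        // Known id: pick the session object related to it.
        if (cookieValue != null && sessions.containsKey(cookieValue)) {
            return new Result(cookieValue, false);
        }
        // Missing, expired or unknown id: never adopt the client's value,
        // always generate a fresh id on the server side.
        String id = newId();
        sessions.put(id, new ConcurrentHashMap<>());
        return new Result(id, true);
    }

    void invalidate(String id) { sessions.remove(id); }

    public static void main(String[] args) {
        ToySessionManager m = new ToySessionManager();
        Result first = m.getSession(null);                    // no cookie
        Result again = m.getSession(first.id);                // cookie sent back
        Result unknown = m.getSession("CLIENT-CHOSEN-VALUE"); // constructed sample value
        System.out.println(first.isNew + " " + again.isNew + " " + again.id.equals(first.id));
        System.out.println(unknown.isNew + " " + unknown.id.equals("CLIENT-CHOSEN-VALUE"));
        m.invalidate(first.id);
        System.out.println(m.getSession(first.id).isNew);     // old id after invalidate
    }
}
```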


Q8. What are the techniques for session management?
There are 4 session management techniques and they are the following:

  1. HttpSession
  2. Cookies
  3. URL-Rewriting
  4. Hidden Fields

Q9. How can you store the client’s conversational data?
You can store the client’s conversational data with the use of

  1. HttpSession
  2. Cookies

Q10. How can you carry the session id?
You can carry the session id by

  1. Cookies
  2. URL-Rewriting
  3. Hidden fields

Q11. What is HttpSession?
Ans: HttpSession is an interface available in the javax.servlet.http package.

Q12. How can you get the HttpSession object from HttpServletRequest?
Ans: You can get the HttpSession object with the following methods of HttpServletRequest.

  • HttpSession getSession()
  • HttpSession getSession(boolean)

Q13. Explain the functionality of the HttpSession getSession(boolean) method?
Ans: If the boolean value passed to getSession(boolean) is true:
HttpSession s = req.getSession(true);
then the following will happen:

if (session object available) then
    return that
else
    create a new session object and return it

If the boolean value is false:
HttpSession s = req.getSession(false);
then the following will happen:

if (session object available) then
    return that
else
    return null

Q14. What are the methods by which you can store and access the user-specific data in HttpSession object as an attribute?
You can store and access the user-specific data in HttpSession object as an attribute with the following methods:

  1. void setAttribute(String, Object)
  2. Object getAttribute(String)
  3. void removeAttribute(String)
  4. Enumeration getAttributeNames()

Q15. How can you destroy the HttpSession object?
You can destroy the HttpSession object by calling the invalidate() method.

Q16. How can you check whether session object returned by getSession() is old or new?
Using the boolean isNew() method.

Q17. How can I get the session id associated with the session object?
Using the getId() method.

Q18. How can I get the session creation time?
Using the getCreationTime() method.

Q19. How can I find whether a session is available?
Using getSession(false);
By calculating the time difference between the session creation time and the current time.

Q20. How can I find out when the session was last accessed?
Using getLastAccessedTime();

Q21. How can I specify the idle timeout (or) inactive interval?
You can specify the idle timeout in two ways:

  1. setMaxInactiveInterval(int), in terms of seconds
  2. Specify the following tags in web.xml, in terms of minutes: <session-config><session-timeout>5</session-timeout></session-config>

Q22. Can I access the ServletContext from the session?
Yes, you can with the following method: ServletContext getServletContext();

Q23. How is the session created in a JSP page?
In every JSP, getSession() is called by default, i.e. when you request any JSP, the session object will be created automatically without you calling the getSession() method.

Q24. Is there a way to disable automatic session creation in JSP?
If you want, you can disable the automatic session creation by specifying the following tag:
<%@ page session="false" %>

Q25. What are cookies in a web application?

  1. Cookie is a class available in the javax.servlet.http package.
  2. Cookies are simple pieces of information with a name and a value.
  3. Normally, cookies are created at the server machine and persist at the client machine.
  4. Cookies created at the server machine will come to the client machine and persist at the client machine.
  5. Cookies persisted at the client machine will go to the server machine along with the HTTP request.

Q26. How to create the cookie object?
Cookie ck = new Cookie("email", "[email protected]");

Q27. How to add cookies to the response?
You add a cookie to the response with response.addCookie(ck);

Q28. How can you access cookies from the request?
You can access cookies from the request by

Cookie[] ck = request.getCookies(); // null when the request carries no cookies
if (ck != null) {
    for (Cookie c : ck) {
        String cn = c.getName();
        String cv = c.getValue();
        System.out.println(cn + " " + cv);
    }
}

Q29. How can you specify the expiry time for cookies?
Ans: Using the setMaxAge() method.

Q30. What is JSESSIONID and what are its uses?

  1. The container uses the session id to identify the client as old or new.
  2. The container sends the session id to the client machine in a cookie with the name JSESSIONID.
  3. Sometimes, you may get problems with cookies:
    • When your browser does not support cookies.
    • When the client deletes the cookies.
    • When any problem happens to the cookies, the request will not carry the cookie with the name JSESSIONID.
    • If a request comes without the JSESSIONID cookie, the container will treat that client as new and provide a new session object and a new session id, i.e. the client loses the previous session object and the conversational data available in that session object.

Q31. What is URL-Rewriting or encoding the URL?

  1. URL-Rewriting is the process of attaching the session id to the URL. It is also called encoding the URL.
  2. To encode the URL, use the following:
    1. response.encodeURL("…..");
    2. response.encodeURL(" …");

Q32. What is the use of the encodeUrl() method?
The encodeUrl() method takes the URL as a parameter and generates a URL with the following suffix after encoding: ;JSESSIONID=A12jkd6d57s

Q33. What is the use of URL-Rewriting or hidden fields?
You can use URL-Rewriting or hidden fields to carry the session id from client to server and from server to client.

Q34. What is the hidden field?
You can store the session id in a hidden field as follows:
<input type="hidden" name="JSESSIONID" value="<%=session.getId()%>">

Q35. Name the web application technologies where there is no need to implement the URL-Rewriting concept?
When you are developing a web application using the Struts, JSP or Spring MVC frameworks, you do not need to implement the URL-Rewriting concept. These frameworks have inbuilt support for it.

Q36. What is session hijacking?
If your application is not very secure then it is possible to get access to the system after acquiring or generating the authentication information. Session hijacking refers to the act of taking control of a user session after successfully obtaining or generating an authentication session ID. It involves an attacker using captured, brute forced or reverse-engineered session IDs to get control of a legitimate user’s Web application session while that session is still in progress.
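
The session APIs from the earlier answers (getSession(false), invalidate(), setMaxInactiveInterval(), getCreationTime()) are the ones a servlet application uses to limit how long a captured session id stays useful. The following is an added example, not code from the original article: SessionLifecycle, its method names and its timeout values are hypothetical, begin() assumes the caller has already verified the user's credentials, and end() assumes the default cookie name JSESSIONID.

```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example, not from the article. Names and limits are illustrative.
public final class SessionLifecycle {
    private static final String USER_ATTR = "user";
    private static final int IDLE_SECONDS = 15 * 60;                 // idle timeout
    private static final long MAX_AGE_MILLIS = 8L * 60 * 60 * 1000;  // absolute lifetime

    private SessionLifecycle() { }

    /** Call only after the caller has verified the user's credentials. */
    public static HttpSession begin(HttpServletRequest req, String verifiedUser) {
        HttpSession old = req.getSession(false);   // false: do not create one here
        if (old != null) {
            old.invalidate();                      // a pre-login id must not survive login
        }
        HttpSession fresh = req.getSession(true);  // new object, new JSESSIONID
        fresh.setMaxInactiveInterval(IDLE_SECONDS);
        fresh.setAttribute(USER_ATTR, verifiedUser);
        return fresh;
    }

    /** Returns the logged-in user, or null if there is no usable session. */
    public static String currentUser(HttpServletRequest req) {
        HttpSession s = req.getSession(false);
        if (s == null) {
            return null;
        }
        // Creation time vs. current time: cap the total lifetime of one id.
        if (System.currentTimeMillis() - s.getCreationTime() > MAX_AGE_MILLIS) {
            s.invalidate();
            return null;
        }
        return (String) s.getAttribute(USER_ATTR);
    }

    /** Logout: the server-side invalidate() is what actually ends the session. */
    public static void end(HttpServletRequest req, HttpServletResponse res) {
        HttpSession s = req.getSession(false);
        if (s != null) {
            s.invalidate();
        }
        Cookie gone = new Cookie("JSESSIONID", "");   // assumes the default cookie name
        gone.setMaxAge(0);                            // tells the browser to drop it
        gone.setPath(req.getContextPath().isEmpty() ? "/" : req.getContextPath());
        res.addCookie(gone);
    }
}
```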

Q37. What is Session Migration?
Session Migration is a mechanism of moving the session from one server to another in case of server failure. Session Migration can be implemented by:
a) Persisting the session into database
b) Storing the session in-memory on multiple servers.

That’s all about Session Related Interview Questions in Java. I have covered almost everything as per my knowledge for both freshers and experienced candidates with 0 to 5 years of experience, so prepare well for the Java interview questions. I suggest you take a look at more Java programming interview questions with answers on different core Java topics posted on this xadmin website. Keep Learning! All the Best!