Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

HTTP Session behaviour doubts


Level 2

Hi, I don't have much experience with JSP, I am trying to work with sessions in my web page and I think I am missing something:

I am trying to set some variables in my session to control some filters and parameters that my components use, I use them in Java using calls like these after sending the request to the Java class:


HttpSession session=slingRequest.getSession();

String st=(String)session.getAttribute(strArray[i]); and session.setAttribute(strArray[i],"true");


The thing I don't understand about this is that the session only seems to work after having used request.getSession() in one of the servlets called with AJAX methods, using this method in any other place (JSP or other JAVA classes) doesn't seem to make those session methods work, so to make my components work I have to manually call AJAX to create the session before using the components.

Do I have to get the session in a different way in my Java classes?


Thank you for your help,


1 Reply


Level 10

Using HTTP sessions with AEM not recommended. With respect to JCR sessions,its better to create a Session on the Java side when you need it for an API call. For example - you need a JCR Session when working with the AEM QueryBuilder API

From the front end component where you make a AJAX call - there is no need to get a Session to the JCR.(keep the logic where you need Sessions in OSGi services/servlets)

See this article as an example - where we make an AJAX  call from the front end JSP and the OSGi has a Sling Servlet where we use a Session to work with the QueryBuilder API:

Hope this helps. 


Employee Advisor


I don't think, that the behaviour of Http Sessions is somehow special to AEM, and also I don't think that the AEM implementation of it is special too.

Regarding your usecase: The general rule of thumb when working with AEM is to avoid the use of HTTP sessions, because it impacts your sites a lot in terms of performance and cachability. That's the reason why on AEM the default dispatcher ruleset implements the caching of .html files.

So if you have JSPs, which render a page, and this page is stored on the dispatcher, the JSP is not executed anymore on subsequent requests of this page. The situation is different when you work with AJAX (.json or whatever extension you choose), because these requests are not cached and still executed on server side.

kind regards,


Level 2

So, what do you suggest to use to handle dynamic parts related to the user instead of the session?

I was thinking about using cookies but I think it would have the same problem with caches, would it be better to make the page not related to the session so that the page could be cached, and change its content afterwards with AJAX and JSON?


Thank you for your help.




Employee Advisor

Hi Juan,

it would be best, if you can design your application in that way, that the state is minimized, and can be transferred using JSON. Then you can cache the page itself and augment it with the user-specific data.

But of course you can also decide not to cache HTML pages at all and render everything on-the-fly. This decision should be made very carefully, because it has huge impact on performance of your site.