This set of Advanced Java Multiple Choice Questions & Answers (MCQs) focuses on “Session Management”.
1. Which of the following is used for session migration?
a) Persisting the session in database
b) URL rewriting
c) Create new database connection
d) Kill session from multiple sessions
Answer: a
Clarification: Session migration is done by persisting the session in a database. It can also be done by storing the session in memory on multiple servers.

2. Which of the below is not a session tracking method?
a) URL rewriting
b) History
c) Cookies
d) SSL sessions
Answer: b
Clarification: History is not a session tracking type. Cookies, URL rewriting, hidden form fields and SSL sessions are session tracking methods.

3. Which of the following is stored at client side?
a) URL rewriting
b) Hidden form fields
c) SSL sessions
d) Cookies
Answer: d
Clarification: Cookies are stored at the client side. Hence, it is advantageous in some cases where clients disable cookies.

4. Which of the following leads to high network traffic?
a) URL rewriting
b) Hidden form fields
c) SSL sessions
d) Cookies
Answer: a
Clarification: URL rewriting requires large data transfer to and from the server, which leads to network traffic, and access may be slow.

5. Which of the following is not true about session?
a) All users connect to the same session
b) All users have same session variable
c) Default timeout value for session variable is 20 minutes
d) New session cannot be created for a new user
Answer: c
Clarification: Default timeout value for session variable is 20 minutes. This can be changed as per requirement.

6. SessionIDs are stored in cookies.
a) True
b) False
Answer: a
Clarification: SessionIDs are stored in cookies, URLs and hidden form fields.

7. What is the maximum size of cookie?
a) 4 KB
b) 4 MB
c) 4 bytes
d) 40 KB
Answer: a
Clarification: 4 KB is the maximum size for the entire cookie, including name, value, expiry date, etc. To support most browsers, it is suggested to keep the name under 4000 bytes and the overall cookie size under 4093 bytes.

8. How can we invalidate a session?
a) session.discontinue()
b) session.invalidate()
c) session.disconnect()
d) session.falsify()
Answer: b
Clarification: We can invalidate a session by calling session.invalidate() to destroy the session.

9. Which method creates unique fields in the HTML which are not shown to the user?
a) User authentication
b) URL writing
c) HTML Hidden field
d) HTML invisible field
Answer: c
Clarification: The HTML hidden field is the simplest way to pass information, but it is not secure and a session can be hacked easily.

10. Which object is used by Spring for authentication?
a) ContextHolder
b) SecurityHolder
c) AnonymousHolder
d) SecurityContextHolder
Answer: d
Clarification: The SessionManagementFilter checks the contents of the SecurityContextRepository against the current contents of the SecurityContextHolder to determine whether the user has been authenticated during the current request by a non-interactive authentication mechanism, like pre-authentication or remember-me.