I have a (browser based) web application. On each page, I want to have a little label and link in a corner that displays the user's username and other account information along with a logout button. The information that will be displayed is immutable.
Should I store that account information in session attributes when a user logs in and forget about it or should I use a filter/interceptor and load it on each request in the request attributes?
I would use a Session, as the information is sensitive. So the information displayed in your case would be (Account Information and UserName.) If it was only the UserName I would have thought of Request Scope, but since it is Account Information (Assuming Account numbers, etc) I would go for a session. Once the session is out, the user needs to log in again.
Or I would not display anything but the userName and the logout button.
You could do both,
If your application is big, and you choose to load the user's account info and display it on the page, it will cost you an sql query per page, which is an overhead.
To escape the overhead of making same sql query per page, use sessions!
