Web Programming & User Interface Design Week 3

Learning Objectives
- Server side Validation with Login form
- Introduction to Sessions
- Java Server Pages and MVC architecture

INTRODUCTION TO Sessions

Objectives
- To review the problem that the HTTP connectionless environment poses for ECommerce
- Solution 1: hidden fields
- Solution 2: cookies
- Solution 3: session control

Java Servlet Request Processing
[Diagram. Labels: Client Browser, HTML, Internet, HTTP Server, Tomcat App. Server, Websphere, JVM, HelloWorld.class. Request URL: http://eagle.acadiau.ca/demo/servlet/HelloWorld. Note: demo/servlet/ equates to …/demo/WEB-INF/classes/HelloWorld.class]

HTTP is Connectionless
- The HTTP protocol is connectionless
- Knowledge of prior pages visited or, for example, products placed in a shopping cart are easily lost
- So how can server applications maintain a sense of a session with a client?
  - hidden fields
  - cookies
  - session control

Hidden Fields in HTML
- Solution comes from CGI period
- Server hides session information within HTML returned to the client
- FORM field INPUT type can be set to "hidden":
    <INPUT TYPE="hidden" NAME="itemsbought" VALUE="209087, 342901">
- Field name and value will be returned to the server by the client when the client submits the form request to the server

Hidden Fields in HTML
- Problems with this method?
  - User can see the hidden info (use source view)
  - Causes a lot of additional HTTP traffic
  - Session info is lost if HTML (that contains hidden fields) is lost

Servlets and Cookies
- Solution comes from CGI period but has evolved with Java servlets
- Servlets send a small piece of data to the client that gets written to a secure disk area
- How does the servlet do this?
    Cookie c = new Cookie(name, value);
    response.addCookie(c);
- So the session data (products placed in the user's shopping cart) can be stored in cookie
- Or simply an ID can be placed in the cookie and the server can maintain the session data

Servlets and Cookies
- Client browsers will check to see if there is a cookie associated with any request to a server (URL) or a particular server/path …
- The server can establish the URL specifics:
    Cookie c = new Cookie(name, value);
    c.setDomain("eagle.acadiau.ca");
    c.setPath("/");
- Could be more specific if desired … the above is the default

Servlets and Cookies
- Whenever a new request is sent to the server it checks to see if a cookie is included:
    Cookie[] cookies = request.getCookies();
    // getCookies() returns null when the request carries no cookies
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            Cookie c = cookies[i];
            String name = c.getName();
            String value = c.getValue();
        }
    }

Servlets and Cookies
- Problems with this method?
  - Cookies have limited life (servlet, browser) and size (4k bytes)
  - Maximum number of cookies set by browser
  - User may disable cookie acceptance
  - Can be inefficient communications in terms of data

Servlets and Sessions
- Solution is most commonly used with Java servlets and JSPs
- The Servlet JDK comes with HTTP class that facilitates session management: HttpSession
- A session is a connection between a client and server that persists over multiple HTTP request / responses

Servlets and Sessions
- A new session is established by using the getSession() method of HttpSession class:
    HttpSession session = req.getSession(true);
- If parameter = "true" the servlet engine checks to see if a session already exists; if so a handle is returned, otherwise a new session is created
- Therefore, more than one servlet can participate in a session
- Cookies are used to identify a session on the client

Servlets and Sessions
- Session objects contain various information:
    // needs java.util.Date; out is the response's PrintWriter
    HttpSession session = request.getSession();
    out.println(rb.getString("sessions.id") + " " + session.getId());
    out.println("<br>");
    out.println(rb.getString("sessions.created") + " ");
    out.println(new Date(session.getCreationTime()) + "<br>");
    out.println(rb.getString("sessions.lastaccessed") + " ");
    out.println(new Date(session.getLastAccessedTime()));
[NOTE: rb is a resource bundle class; replace rb.getString() with ASCII text for your own purposes]

Servlets and Sessions
- Data stored as attribute-value pairs
- Three key HttpSession methods:
  - setAttribute(dataName, dataValue)
  - getAttributeNames()
  - getAttribute(dataName)
- Examples:
    // needs java.util.Enumeration; out is the response's PrintWriter
    String dataName = request.getParameter("dataname");
    String dataValue = request.getParameter("datavalue");
    if (dataName != null && dataValue != null) {
        session.setAttribute(dataName, dataValue);
    }
    Enumeration names = session.getAttributeNames();
    while (names.hasMoreElements()) {
        String name = (String) names.nextElement();
        String value = session.getAttribute(name).toString();
        // name and value originate from request parameters and are written into HTML as-is
        out.println(name + " = " + value + "<br>");
    }
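The attribute listing above writes request-supplied names and values straight into the HTML response. The following added example (not part of the original slides) shows the same flow as a complete servlet that encodes both before output. It assumes the javax.servlet API, version 3.0 or later, on the classpath; the class name, the escapeHtml helper and the 15-minute idle timeout are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Collections;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example (hypothetical class): the slide's attribute listing with output encoding.
public class SessionAttributesServlet extends HttpServlet {

    // Minimal HTML encoder for text placed in element content or quoted attribute values.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char ch : s.toCharArray()) {
            switch (ch) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(ch);
            }
        }
        return sb.toString();
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();

        // Returns the existing session for this client or creates a new one
        HttpSession session = request.getSession(true);
        session.setMaxInactiveInterval(15 * 60); // idle timeout in seconds (assumed policy)

        String dataName = request.getParameter("dataname");
        String dataValue = request.getParameter("datavalue");
        if (dataName != null && dataValue != null) {
            session.setAttribute(dataName, dataValue);
        }

        // Names and values came from the request, so encode them before writing HTML
        for (String name : Collections.list(session.getAttributeNames())) {
            String value = String.valueOf(session.getAttribute(name));
            out.println(escapeHtml(name) + " = " + escapeHtml(value) + "<br>");
        }
    }
}
```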

THE END