Managing States

HTTP

- Way of clients and server speaks

- Messenger of web in short
- Stateless – no memory like finding dory, it doesn’t remember the clients
request and response

Because HTTP is stateless there are 4 traditional techniques to manage states

and let HTTP become stateful.

- Login Pages
o URL Rewriting – use when you want to link urls or links
 Only applicable on GET method, not applicable for POST due
to:
 Lengthy data
 Security issues
 Placed in <a href=”place URL here of GET”>Some Text</a>
 Data acquired through getParameter() with ServletRequest
 URL have limited symbols that you can use because other
symbols are used on HTML code
o Hidden Fields – used when you want to pass passwords
 Use on post method because password is hidden
 Data acquired through getParameter() with ServletRequest
o Cookies
 Server -> Client (Request, Response)
 request.getCookie() to remember the cookie that the
client requested
 The name and value pairs are saved in the clients computer
 J Session ID – Lets say you login to chinabank every time
you input a username and password the server throws a
response which is “cookie” the cookie tries to remember your
username and password that creates a name and values pair
which is the J session ID
 Now if you connect to a public wifi and access your
bank account there is a high possibility of “Session
Hijacking” – a “sniffer” is used to pretend a web
action on the URL’s J session ID
 In short summary do not log in to banking sites on a
closed or public network
 Session id (name) – stored in your computer’s harddrive or
clients computer
o HTTPSession Objects
 The name and value pairs are saved in the server
 Session data (value) stored on the server
 You don’t instantiate HTTPSession object because it a
interface instead you run it through the request method.