Professional Documents
Culture Documents
Cognitive:: TOPIC TITLE: Session Management Specific Objectives
Cognitive:: TOPIC TITLE: Session Management Specific Objectives
SPECIFIC OBJECTIVES:
At the end of the topic session, the students are expected to:
Cognitive :
Affective:
1. Participate in group activities.
2. Be attentive to the teacher’s lectures and demonstrations.
3. Participate in class and group discussions.
Psychomotor:
1. Develop a web application that demonstrates the use of Session
and Cookie objects.
MATERIALS/EQUIPMENTS:
o OHP
o Topic slides
TOPIC PREPARATION:
TOPIC PRESENTATION:
The topic will revolve around Session Management, Session API, Cookie
API and Cookie Implementation.
javax.servlet.http
<<interface>> <<interface>>
HttpServlet
request HttpServletRequest response HttpServletSession
service getSession(create:boolean)
getID() : String
doGet getSession()
isNew() : Boolean
doPost
getAttribute(name) : Object
setAttribute(name, value)
removeAttribute(name)
MyServlet
This session object allows you to store, retrieve and remove attributes.
The servlet has access to the session object through the getSession()
method of the HttpServletRequest object. The API is represented above.
Provides a way to identify a user across more than one page request or
visit to a Web site and to store information about that user.
A servlet should be able to handle cases in which the client does not
choose to join a session, such as when cookies are intentionally turned
off. Until the client joins the session, isNew() returns true. If the client
chooses not to join the session, getSession() will return a different
session on each request, and isNew() will always return true.
Method Summary
Return Type Description
Object getAttribute(String name)
Returns the object bound with the
specified name in this session, or null if no
object is bound under the name.
Enumeration getAttributeNames()
Returns an Enumeration of String
objects containing the names of all the objects
bound to this session.
long getCreationTime()
Returns the time when this session was
created, measured in milliseconds since
midnight January 1, 1970 GMT.
String getId()
Returns a string containing the unique
identifier assigned to this session.
long getLastAccessedTime()
Returns the last time the client sent a
request associated with this session, as the
number of milliseconds since midnight January
1, 1970 GMT, and marked by the time the
{
response) throws IOException //Create the HttpSession object
//Create the HttpSession object
HttpSession session = request.getSession();
HttpSession session =
request.getSession();
The getSession() method returns the current session associated with this
request or if the request does not have a session, the getSession()
method creates one. You can test whether the session object has just
been created using the isNew() method. If the session object already
Session Management * Property of STI
Page 3 of 11 exists, the every call to the getSession() method will return the same
object.
Take note that only one session object will be created for a given client
within a single Web application.
<session-config>
<session-timeout>10</session-timeout>
<session-config>
The Web container keeps track of the last time the user interacted with
the Web application, which is known as the inactive interval. If a given
session has been inactive for longer than the time-out parameter, then
the Web container has the authority to invalidate that session. The time-
out parameter specified in the deployment descriptor applies to all
sessions within that Web application. The Session API allows you to
control the length of the inactive interval for a specific session object.
You can use the setMaxInactiveInterval() method to change the inactive
interval (in seconds) for the session object.
3. Control the length of the inactive interval for a specific session object
using the setMaxInactiveInterval() method
session.setMaxInactiveInterval(50);
All Cookies for that domain (and path) are sent in every request
to that Web server.
Cookies have a lifespan and are flushed by the client browser at the end
Session Management * Property of STI
Page 7 of 11
of that lifespan.
Page 9 of 11
Cookie API
javax.servlet.http
<<interface>>
HttpServlet Cookie
request HttpServletResponse
cookies
service addCookie(Cookie)
<<properties>>
doGet
name : String <<RO>>
doPost
<<interface>> cookies value : String <<RW>>
HttpServletRequest comment : String <<RW>>
Later when the visitor returns, your servlet can access the “yourname”
Cookie using the following code:
Cookie[] allCookies =
HTTP Cookies can be used to perform session management. The Web
request.getCookies();
for(int i=0; i < allCookies.length;
i++)
container could store the session ID on the client machine. While the
{
if(allCookies[i].getName().equals(″y session is still active, every HTTP request from the client includes the
ourname″);
{
name = allCookies[i].getValue();
session ID Cookie that was stored on the client’s machine. When the
}
}
getSession() method is called, the Web container uses the session ID
Cookie information to find the session object.
EVALUATION:
o Ask the students to perform the laboratory exercise for this topic.
REFERENCES: