Client side validation vs server side validation

Client-side validation is when the user input is validated by the browser before it is sent to the
server, which can be done using HTML attributes, JavaScript, or other scripting languages.

This type of validation has several advantages, such as providing instant feedback to the user
without reloading the page, reducing server load and bandwidth, and improving the user
interface and usability.

However, client-side validation also has some drawbacks, such as being bypassed by
disabling or manipulating the browser settings or scripts, being inconsistent across different
browsers, devices, and platforms, and being complex and time-consuming to implement and
maintain.

Server-side validation is when the user input is validated by the server after it is received
from the browser, using languages such as PHP or ASP.

This type of validation can provide a more reliable and secure validation, as it can prevent
malicious or invalid data from entering the database or affecting the server functionality.

It can also provide a more consistent and compatible validation, as it can handle different
browsers, devices, and platforms, and apply the same rules and logic.

Additionally, server-side validation can provide a more flexible and dynamic validation, as it
can access the database or other resources, and perform more complex or conditional
validations.

However, server-side validation can also cause a delay or lag in the user feedback, increase
the server load and bandwidth, and degrade the user interface and usability.

What is a Session?

A session is a time duration; it will start from the starting point of the client
conversation with the server and will terminate at the ending point of the client’s
conversation with the server. The data which we transferred from client to server
through multiple numbers of requests during a particular session then that data is
called State of the Session.

In general, in web applications, a container will prepare a request object similarly to

represent a particular user we have to prepare a separate session. In this context, to
keep track of all the session objects at the server machine we need to set explicit
mechanisms called Session Tracking Mechanisms.
Session Management in Java

Session Management is used to recognize the particular user. It is a way to maintain

the state (data) of the user about a series of requests from the same user (that is,
requests originating from the same browser) across the same period of time. Each
time the user requests to the server, the server always treats the request as the new
request.

What is Session Tracking?

In our applications sometimes we need to carry or transfer the data between multiple
forms. But in form-based applications, we are using HTTP protocol which is a
stateless protocol which means it remembers only the current conversation. For
example, if we leave the first form and enter it into the second form, we will forget
about the previous form data. But if we want to overcome this limitation and carry the
data between multiple forms, we can use any one of the following methodologies:

1. Hidden variables
2. Cookies
3. Sessions
4. A session with URL re-writing or encoding URL

Need for Session Tracking in JSP

Whenever a client makes a request, then for each request a new connection is
established to the webserver because HTTP is a stateless protocol. It is very difficult
for servers to identify that the requests are coming from the same user or not
because every time a new connection is established. In this case, the server does
not keep track of the information of the previous request if every time a new request
is made.

If we want to use variables, we have to use hidden fields given by HTML. Hidden
fields must be specified as a part of <form> and we must specify name and value
attributes. Hidden fields not displayed to the client.

Syntax: <input type=”hidden” name=”xxx” value=”yyy”/>

Advantages:

1. Hidden variables consume less memory.

2. Once we close the browser the data of hidden variables will be cleared automatically.

Disadvantages:

1. If we want to carry a huge amount of data then it will be complicated using hidden
variables.
2. Hidden variables are not recommended to carry any sensitive data.
Cookies

Cookies are also used to transfer the data between multiple form-based applications.
Simply a cookie is a small piece of information sent by the server to any client. Every
cookie will store the data in the form of key-value pair. The server will add the cookie
to the response header by using the Set-Cookie header and send it to the client.
Cookies will be stored in the browser by using the domain name of the website. The
browser can contain cookies from multiple domains. The client needs to use
HeaderCookie to get all the cookies available in the browser.

Syntax: Cookie myCookie = new Cookie(“SessionID”, “SessionValue”)

Advantage:

1. Compared to hidden variables cookies are better to transfer the data because once
we store the cookie, we can get the data on any page of the website directly.

Disadvantage:

1. If the client disables the cookies in the browser we can work with cookies.
2. For security reasons, it is not recommended to use cookies.
3. If we want to a huge amount of data between server and client it will be complicated.

URL Rewriting

By appending the sessionId at the end of the link we can rewrite the URL as follows:

http://localhost:8080/jsp/home.jsp?sessionid=”ABC”

By using this unique identifier, the server can easily identify the user which is also
known as handling the browsers. When the user clicks on the rewritten link, the
servlet gets and recognizes the SessionID by which the HTTP session will get the
Session ID.

Advantage:

1. We don’t need to pass hidden values here.

2. This method is useful even if the user has disabled cookies.
3. URL Rewriting technique is independent of the browser.

Disadvantage:

1. The client needs to append the sessionID and regenerate the URL with each
request.
2. Also, the client needs to keeps track of the unique ID until the conversation ends
between the client and the server.
 Session Object in JSP

Creating a session object means creating an object for a class that is implementing
javax.servlet.HttpSession interface. The session object is also used to transfer the
data between multiple form-based applications. In the case of servlets, we have to
write the code for creating the session object. But in JSP by default session object is
enabled whenever the client sends the request to the server internally. So, we can
write the JSP program directly to get Session information. In the JSP session is an
implicit object. But if we want to handle session object in JSP explicitly then we have
to write the following page re-directive in the JSP program:

<%@ page session=”false|true”%>

Advantage: This technique is more reliable as each user has its own unique
sessionID which is helpful to access the session data stored at the server-side.

How to get Session Object?

When the client sends the request to the server for the first time then the server
creates a session object and now the server creates a unique ID that is associated
with this session object. Then the server will create a cookie with the name
JSESSIONID which holds the session object as a value and send it to the client. If
we want to request the server to create a session object, we have to use the
following methods of request object:

HttpSession getSession(true)
HttpSession getSession(false)

Session objects are used to store the data. The session can support to stores of any
kind of data. To work with the session object and to store the data or to get the data
we have to use some set of methods.

The basis of
JSP ASP
comparison
JSP (Java Server Page) is basically a technology
ASP (Active Server Pages) is basically
that helps software developers to implement and
Definition Microsoft’s first server-side script engine for
develop dynamic web pages based on XML,
dynamically generated web pages.
HTML or other applicable document types.
In JSP, it is basically a type of Java servlet In the case of ASP, it mainly implements server-
component that is useful from the user side scripting for content generation purpose,
Architecture
interphase perspective for Java-based and these are then sent to the client’s web
applications. browsers.
ASP is not free, and a proper license is required
Cost-Effectiveness JSP is free.
(cost) for the usage purpose.
In the case of JSP, it mainly runs on the Java In the case of ASP, it is mainly implemented in
Mode of Operation Programming language and can be compiled Visual Basic language, and thus the code needs
directly at the runtime. to be interpreted, and then it can be executed.
 In the case of ASP, it handles different complex
situations and queries to produce the proper
In the case of JSP, coding is the initial step of
machine level outputs. So, it is basically an
Simplicity programming complex queries, and it is easier
advanced version of coding and other different
than programming.
approaches. Thus, it is much more complex than
JSP.
In the ASP case, database servers can be
JSP can be easily linked with any database connected easily, but the applicable add-ons
Database servers using the applicable driver library files need to be installed and used. Also, since its
for connection purpose. being based on VB, so MS SQL connection can
also be used.
Although it is costly, they provide a larger range
There is also a lot of community support for JSP of community and paid support. Normally all
Support
and its users. the ASP versions use to provide long-term
customer support.

JSP architecture gives a high-level view of the working of JSP. JSP architecture is a 3 tier
architecture. It has a Client, Web Server, and Database. The client is the web browser or
application on the user side. Web Server uses a JSP Engine i.e; a container that processes
JSP. For example, Apache Tomcat has a built-in JSP Engine. JSP Engine intercepts the
request for JSP and provides the runtime environment for the understanding and processing
of JSP files. It reads, parses, build Java Servlet, Compiles and Executes Java code, and
returns the HTML page to the client. The webserver has access to the Database. The
following diagram shows the architecture of JSP.

Now let us discuss JSP which stands for Java Server Pages. It is a server-side technology. It
is used for creating web applications. It is used to create dynamic web content. In this JSP
tags are used to insert JAVA code into HTML pages.

It is an advanced version of Servlet Technology. It is a Web-based technology that helps us

to create dynamic and platform-independent web pages. In this, Java code can be inserted in
HTML/ XML pages or both. JSP is first converted into a servlet by JSP container before
processing the client’s request. JSP Processing is illustrated and discussed in sequential steps
prior to which a pictorial media is provided as a handful pick to understand the JSP
processing better which is as follows:
Step 1: The client navigates to a file ending with the .jsp extension and the browser initiates
an HTTP request to the webserver. For example, the user enters the login details and submits
the button. The browser requests a status.jsp page from the webserver.

Step 2: If the compiled version of JSP exists in the web server, it returns the file. Otherwise,
the request is forwarded to the JSP Engine. This is done by recognizing the URL ending with
.jsp extension.

Step 3: The JSP Engine loads the JSP file and translates the JSP to Servlet(Java code). This is
done by converting all the template text into println() statements and JSP elements to Java
code. This process is called translation.

Step 4: The JSP engine compiles the Servlet to an executable .class file. It is forwarded to the
Servlet engine. This process is called compilation or request processing phase.

Step 5: The .class file is executed by the Servlet engine which is a part of the Web Server.
The output is an HTML file. The Servlet engine passes the output as an HTTP response to the
webserver.

Step 6: The web server forwards the HTML file to the client’s browser.

Servlet technology is used to create a web application. A servlet is a Java class that is used to
extend the capabilities of servers that host applications accessed by means of a request-
response model. Servlets are mainly used to extend the applications hosted by web services.

JSP is used to create web applications just like Servlet technology. A JSP is a text document
that contains two types of text: static data and dynamic data. The static data can be expressed
in any text-based format (like HTML, XML, SVG, and WML), and the dynamic content can
be expressed by JSP elements. Difference between Servlet and JSP
The difference between Servlet and JSP is as follows:
Servlet
Servlet is a java code.
Writing code for servlet is harder than JSP as it
is HTML in java.
Servlet plays a controller role in the ,MVC
approach.
Servlet is faster than JSP.
Servlet can accept all protocol requests.
In Servlet, we can override the service()
method.
In Servlet by default session management is
not enabled, user have to enable it explicitly. enabled.
In Servlet we have to implement everything
like business logic and presentation logic in
just one servlet file.
Modification in Servlet is a time-consuming
compiling task because it includes reloading, JSP modification is fast, just need to click the
recompiling, JavaBeans and restarting the
server.
It does not have inbuilt implicit objects.
There is no method for running JavaScript on While running the JavaScript at the client
the client side in Servlet.
Packages are to be imported on the top of the
program.
It can handle extensive data processing.
The facility of writing custom tags is not
present.
Servlets are hosted and executed on Web
Servers.
JSP
JSP is a HTML-based compilation code.
JSP is easy to code as it is java in HTML.
JSP is the view in the MVC approach for
showing output.
JSP is slower than Servlet because the first
step in the JSP lifecycle is the translation of
JSP to java code and then compile.
JSP only accepts HTTP requests.
In JSP, we cannot override its service()
method.
In JSP session management is automatically
In JSP business logic is separated from
presentation logic by using JavaBeansclient-
side.
refresh button.
In JSP there are inbuilt implicit objects.
side in JSP, client-side validation is used.
Packages can be imported into the JSP
program (i.e, bottom , middleclient-side, or
top )
It cannot handle extensive data processing
very efficiently.
The facility of writing custom tags is
present.
Before the execution, JSP is compiled in Java
Servlets and then it has a similar lifecycle as
Servlets.