Scribd Logo
Upload

Welcome to Scribd!

  • Session Management in Servlet - Track User State Using Cookies, HttpSession, URL Rewriting & Hidden Fields

    Uploaded by

    Mohd Kaif
    14 views37 pages
    Session management is needed in servlets because HTTP is a stateless protocol. There are four main techniques for managing sessions in servlets: cookies, HTTP sessions, hidden form fields, and URL rewriting. Cookies store a client ID on the client side. HTTP sessions store data on the server side associated with a client ID. Hidden form fields and URL rewriting pass a client ID between requests without using cookies.

    Original Description:

    Original Title

    servletsessions

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Session management is needed in servlets because HTTP is a stateless protocol. There are four main techniques for managing sessions in servlets: cookies, HTTP sessions, hidden form fields, and URL rewriting. Cookies store a client ID on the client side. HTTP sessions store data on the server side associated with a client ID. Hidden form fields and URL rewriting pass a client ID between requests without using cookies.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    14 views37 pages

    Session Management in Servlet - Track User State Using Cookies, HttpSession, URL Rewriting & Hidden Fields

    Uploaded by

    Mohd Kaif
    Session management is needed in servlets because HTTP is a stateless protocol. There are four main techniques for managing sessions in servlets: cookies, HTTP sessions, hidden form fields, and URL rewriting. Cookies store a client ID on the client side. HTTP sessions store data on the server side associated with a client ID. Hidden form fields and URL rewriting pass a client ID between requests without using cookies.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 37

    Session

    Management
    Session Tracking in
    Servlet
    Session simply means a particular interval of
    time.
    Session Tracking is a way to maintain state
    (data) of an user. It is also known as session
    management in servlet
    Http protocol is a stateless so we need to
    maintain state using session tracking techniques.
    Each time user requests to the server, server
    treats the request as the new request. So we need
    to maintain the state of an user to recognize to
    particular user.
    Session Management
    Whenever we make a request that request can
    be processed by group of Servlets and we get
    single response (in case of servlet chaining).

    In general scenario we may make much number


    of requests to many numbers of Servlets to get
    many numbers of responses.

     By default all these 'n' number of requests and


    responses are independent to each other.
    Since, the protocol which we are using is http. http
    protocol is a stateless protocol. A stateless protocol
    is one which never maintains an identity of the client
    forever.

    In order to make 'n' number of independent


    request and responses as a consecutive request
    and responses we must use the concept of session
    management or session tracking.

    Session management is a process of maintaining


    an identity of the client for a period of time for
    multiple requests to get multiple responses across
    the network.
    Session management techniques

    In order to maintain an identity of the client for a


    period of time, we have four types of session
    management techniques;

    Cookies,
    HttpSession,
    Hidden form field and
    URL rewritten.
    Cookies

    A cookie is the peace of information which


    contains an identity of the client in the form of
    (key, value) pair.
    Key always represents cookie name and
    value represents value of the cookie.

    A Cookie is the class developed according to


    http protocol specification for maintaining for
    identity of client and it is present in a package
    called javax.servlet.http.* package.
    How Cookie Works
    Type of Cookie

    There are two types of cookie in servlet:


    1. Non-persistent Cookie.
    2. Persistent Cookie
    Steps for developing Cookie
    1. Create an object of a Cookie.
    Cookie ck=new Cookie (String, Object);
    For example:
    Cookie c1=new Cookie ("fno","10");
    Cookie c2=new Cookie ("sno","20");

    2. Every cookie must be added as a part of response


    (add the cookie to response object).
    For example:
    res.addCookie (c1);
    res.addCookie (c2); //Here, c1 and c2 are Cookie class
    objects created in step-1 and addCookie () is an instance
    method present in HttpServletResponse interface.
    3. In order to get the cookies we must use the
    following method which is present in
    HttpServletRequest.

    For example:

    Cookie ck []=req.getCookies ();


    if (ck!=null) {
    pw.println ("COOKIES ARE PRESENT"); }

    else { pw.println ("COOKIES ARE NOT


    PRESENT"); }
    4. In order to obtain cookie name, cookie value
    and to set its age we have to use the following
    methods:
    public String getName ();
    public Object getValue ();
    public void setMaxAge (long sec);
    public long getMaxAge ();

    Methods 1 and 2 are used for obtaining name


    and value of the cookie. Methods 3 and 4 are
    used for setting and obtaining the age of the
    cookie.
    Simple Example of
    Servlet Cookie
    In this example, we are storing the name of the
    user in the cookie object and accessing it in
    another servlet.

    As we know well that session corresponds to the


    particular user. So if you access it from too many
    browsers with different values, you will get the
    different value.
    Http Session
    Steps for developing HttpSession applications

    1. Obtain an object of
    javax.servlet.http.HttpSession interface.

    In order to obtain an object of HttpSession we


    have to use the following two methods which are
    present in HttpServletRequest
    2. Put the values into HttpSession object by
    using the following methods which are
    present in HttpSession:

    Here, String represents session variable name known as key and Object
    represents session value. In HttpSession object the data is organizing in
    the form of (key, value) pair.
    3. Get the values from HttpSession object by
    using the following methods which are present in
    HttpSession:
    Hidden flow fields

    Hidden form fields are also a kind of session


    management technique which allows us to maintain
    an identity of the client for a period of time.

    <input type="hidden" name="name of the hidden


    component" value="value of the hidden
    component">
    For example:
    <input type="hidden" name="age"
    value="req.getParameter ("age1")">
    <input type="hidden" name="skills" value="J2EE">
    URL Rewriting
     Web browsers may refuse to save cookies
     Therefore, Servlet containers support session
    management through URL rewriting
     Instead of passing the session key in a cookie,
    the key is concatenated to the request URL
     Pages should contain dynamically created links
    for site navigation
     thus,
    users are oblivious to the session
    management
    URL Rewriting

    request request
    (no cookie)
    id2 SSeerrv
    response response
    id1 vlleett
    Web
    browser 1 Session
    Web server read/write

    <HTML>…
    <A HREF=“servletURL;sessID=id1”>
    GET servletURL;sessID=id1 HTTP/1.0
    …</HTML>
    The first request to Servlet
    GET /dbi-servlets/Store HTTP/1.1
    Accept: */*
    Host: localhost
    Connection: Keep-Alive
    Response:
    HTTP/1.1 200 OK
    Set-Cookie: JSESSIONID=850173A82D7A7C66B28AF6F337AF73AD; Path=/dbi
    Content-Type: text/html
    Content-Length: 402
    Server: Apache-Coyote/1.1
    Next request to Servlet:
    GET /dbi-servlets/Store HTTP/1.1
    Accept: */*
    Host: localhost
    Connection: Keep-Alive
    Cookie: JSESSIONID=850173A82D7A7C66B28AF6F337AF73AD

    Response:
    HTTP/1.1 200 OK
    Content-Type: text/html
    Content-Length: 330
    Server: Apache-Coyote/1.1
    Servlet URL Rewriting
     Use the following methods of the doXXX response object to
    rewrite URLs:
    - String encodeURL(String url)
     Use for HTML hyperlinks
    - String encodeRedirectURL(String url)
     Use for HTTP redirections
     These methods contain the logic to determine whether
    the session ID needs to be encoded in the URL
     For example, if the request has a cookie, then url is returned
    unchanged
     Some servers implement the two methods identically
    Example:
    <html><head><link rel="stylesheet" type="text/css"
    href="cartstyle.css"></head><body>
    Hello new visitor!<br><br>
    Your Shopping Cart:<ol><i> </i></ol>
    <form method="POST“ action=
    "ShoppingCart;jsessionid=2409D7C062C6E32E2B4F28EAB1
    36E7F8">
    Add item:<input name="item" type="text">
    <input type="submit" value="send"><br><br><input
    type="submit" value="Empty Cart" name="clear"></form>
    </body></html>
    Reference
     Representation and Management of Data on the Internet (67633),
    Yehoshua Sagiv, The Hebrew University - Institute of Computer
    Science.

    You might also like