What is a Session?
What is Session ID?
What is Session Tracking?
Hidden form fields
URL Rewriting
Cookies
Session Tracking API
Topics to be covered
Creating session
Setting new Attribute in Session
Deleting session data
Servlet Context scope
Context scope attributes
Redirect to another webpage
Mechanism used by sendRedirect
Using RequestDispatcher
Cookies
Anatomy of cookies
Setting cookies with Servlet
Reading cookies with Servlet
any information about the client. So the server treats the next request from the same client as coming from a fresh client, with no relation to the previous request. This is why HTTP is called a stateless protocol.
items into his cart using multiple requests. Each time a request is made, the server must identify which client's cart the item is to be added to. So in this scenario there is a definite need for session tracking. The solution is that when a client makes a request, it introduces itself by providing a unique identifier every time.
What is a Session?
A session is a conversation between the server and a client.
A conversation consists of a series of continuous requests and responses. A session refers to the sequence of all the requests that a single client makes to a server over a particular period. A session is specific to the user, and for each user a new session is created to track all the requests from that user. Every user has a separate session, and a separate session variable is associated with that session. In web applications the default time-out value for a session variable is 20 minutes, which can be changed as required.
long, random and alpha-numeric string. It is transmitted between the client and the server. Session IDs are usually stored in cookies, URLs (in the case of URL rewriting) and hidden fields of web pages.
the client state. But there exists a mechanism called "Session Tracking" which helps servers maintain state, tracking the series of requests from the same user over some period of time.
Different types of Session Tracking:
a) Cookies
b) URL rewriting
c) Hidden form fields
d) SSL Sessions
viewed using the view source option in browsers. This type doesn't need any special configuration from the browser or server and is available by default for session tracking. It cannot be used for session tracking when the conversation includes static resources like HTML pages.
URL Rewriting
Original URL: http://server:port/servlet/ServletName
Rewritten URL: http://server:port/servlet/ServletName?sessionid=7546
When a request is made, an additional parameter is appended to the URL. In general the added parameter will be the sessionid or sometimes the userid, which suffices to track the session. This type of session tracking doesn't need any special support from the browser. The disadvantage is that implementing it is tedious: we need to keep track of the parameter as a chain link until the conversation completes, and must also make sure that the parameter doesn't clash with other application parameters.
Cookies
Cookies are the most widely used technology for session tracking. A cookie is a key-value pair of information sent by the server to the browser. The browser saves it in its own space on the client computer. Whenever the browser sends a request to that server, it sends the cookie along with it, and the server can then identify the client using the cookie. In Java, the following source code snippet creates a cookie:
    // Both the cookie name and the cookie value must be Strings
    Cookie cookie = new Cookie("sessionID", "7546");
    response.addCookie(cookie);
Session tracking is easy to implement and maintain using cookies. The disadvantage is that users can opt to disable cookies in their browser preferences. In that case the browser will not save the cookie on the client computer and session tracking fails.
for the user. If a session exists, it returns that session object; otherwise it creates a session object explicitly and returns it to the client.
    HttpSession ses = request.getSession();
Alternate shortcut method for request.getSession(true).
    HttpSession ses = request.getSession(false);
This method checks whether a session exists. If yes, it returns the reference to that session object; otherwise it returns 'null'.
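The difference between the two getSession() calls, together with setting and deleting session data, shown as an added example that is not part of the original slides. The servlet class, its assumed /session mapping, the "action" and "user" parameters and the "user" attribute name are all hypothetical, and credential checking is assumed to happen before the login branch.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet, assumed to be mapped to /session in web.xml.
public class SessionDemoServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // getSession(false) never creates a session; it returns null if none exists.
        HttpSession existing = request.getSession(false);
        if ("logout".equals(request.getParameter("action"))) {
            if (existing != null) {
                existing.removeAttribute("user"); // delete one item of session data
                existing.invalidate();            // discard the session and its ID
            }
        } else {
            // Login step; credential checking is assumed to have succeeded already.
            if (existing != null) {
                existing.invalidate();            // never keep a pre-login session ID
            }
            HttpSession ses = request.getSession();   // same as getSession(true)
            ses.setAttribute("user", request.getParameter("user"));
            ses.setMaxInactiveInterval(20 * 60);      // idle time-out in seconds
        }
        response.sendRedirect(request.getContextPath() + "/session");
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Only look the session up; a status page should not create one as a side effect.
        HttpSession ses = request.getSession(false);
        response.setContentType("text/plain");
        if (ses == null || ses.getAttribute("user") == null) {
            response.getWriter().println("no active session");
        } else {
            response.getWriter().println("user=" + ses.getAttribute("user"));
        }
    }
}
```

Invalidating the old session before calling getSession() at login means a session ID that was issued (or planted in a rewritten URL) before authentication is never carried into the authenticated session.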
ServletContext Scope
The context scope parameters are stored in web.xml
Interface. Signature: void sendRedirect(String url)
This method is used to redirect the client request to some other location for further processing; the new location is available on a different server or in a different context. The web container handles this and transfers the request via the browser, and the request is visible in the browser as a new request. This is sometimes also called a client-side redirect.
Using RequestDispatcher
forward() method (declared in the RequestDispatcher interface)
Signature: forward(ServletRequest request, ServletResponse response)
This method is used to pass the request to another resource for further processing within the same server; the other resource can be any servlet, JSP page or any kind of file. This process is taken care of by the web container. When we call the forward method, the request is sent to another resource without the client being informed; which resource will handle the request is specified on the RequestDispatcher. We can get a RequestDispatcher in two ways, either from the ServletContext or from the request. This is also called a server-side redirect.
    RequestDispatcher rd = request.getRequestDispatcher("pathToResource");
    rd.forward(request, response);
Or
    RequestDispatcher rd = servletContext.getRequestDispatcher("/pathToResource");
    rd.forward(request, response);
forward()
The request is transferred to another resource within the same server.
The web container handles the whole process internally, and the client or browser is not involved.
We pass the request and response objects, so our old request object is present on the new resource which is going to process our request.
Faster than sendRedirect().
We can use the same data in the new resource with request.setAttribute(), as we have the request object available.

sendRedirect()
The request is transferred to another resource on a different domain or a different server.
The container transfers the request to the browser, so the URL given inside sendRedirect() is visible as a new request to the client.
The old request and response objects are lost because it is treated as a new request by the browser.
sendRedirect() is slower because a completely new request is created and the old request object is lost.
We cannot store the request scope data because the old request object is lost.
ServletRequest but not to the getRequestDispatcher() method of ServletContext. For example, request.getRequestDispatcher("../html/copyright.html") is valid, and the getRequestDispatcher() method of ServletRequest will evaluate the path relative to the path of the request. For the getRequestDispatcher() method of ServletContext, the path parameter cannot be relative and must start with /. This makes sense because ServletRequest has a current request path against which to evaluate the relative path, while ServletContext does not. You cannot directly forward or include a request to a resource in another web application. To do this, you need to get a reference to the ServletContext of the other web application using this.getServletContext().getContext(uripath). Using this servlet context reference, you can retrieve an appropriate RequestDispatcher object as usual.
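The forward() versus sendRedirect() behaviour compared above, as an added example that is not part of the original slides. The servlet class, the "mode" and "item" parameters and the target /result.jsp are hypothetical names chosen for illustration.

```java
import java.io.IOException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet; /result.jsp is an assumed page inside the same web application.
public class DispatchDemoServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String item = request.getParameter("item");
        String mode = request.getParameter("mode");

        if ("forward".equals(mode)) {
            // Server-side: the same request object travels on, so request-scope
            // data set here is visible to the target resource.
            request.setAttribute("item", item);
            RequestDispatcher rd = request.getRequestDispatcher("/result.jsp");
            rd.forward(request, response);
        } else if ("context".equals(mode)) {
            // The ServletContext variant only accepts a path starting with "/".
            request.setAttribute("item", item);
            RequestDispatcher rd = getServletContext().getRequestDispatcher("/result.jsp");
            rd.forward(request, response);
        } else {
            // Client-side: the browser issues a brand-new request, so request
            // attributes are lost. Carry the value in the session instead.
            request.getSession().setAttribute("item", item);
            // The target is fixed in code, never taken from a request parameter,
            // so the redirect cannot be steered to another site.
            response.sendRedirect(request.getContextPath() + "/result.jsp");
        }
    }
}
```

In the two forward branches the target reads the value with request.getAttribute("item"); after the redirect it has to read it from the session, because the original request no longer exists.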
Cookies
they are kept for various information tracking purposes. Java Servlets transparently support HTTP cookies. There are three steps involved in identifying returning users:
1. The server script sends a set of cookies to the browser, for example name, age, or identification number.
2. The browser stores this information on the local machine for future use.
3. The next time the browser sends a request to the web server, it sends that cookie information to the server, and the server uses it to identify the user.
Example:
javax.servlet.http.Cookie objects by calling the getCookies() method of HttpServletRequest. Then cycle through the array, and use the getName() and getValue() methods to access each cookie and its associated value.
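The three steps for identifying a returning user, with both setting and reading a cookie, as an added example that is not part of the original slides. The servlet class and the cookie name "visitorId" are hypothetical, and setHttpOnly() assumes a Servlet 3.0 or later container.

```java
import java.io.IOException;
import java.util.UUID;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet; the cookie name "visitorId" is made up for this example.
public class CookieDemoServlet extends HttpServlet {
    private static final String NAME = "visitorId";

    // Returns the value of the named cookie, or null if the browser did not send it.
    static String readCookie(HttpServletRequest request, String name) {
        Cookie[] cookies = request.getCookies();  // null, not an empty array, when none were sent
        if (cookies == null) {
            return null;
        }
        for (Cookie c : cookies) {
            if (name.equals(c.getName())) {
                return c.getValue();
            }
        }
        return null;
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        response.setContentType("text/plain");
        if (readCookie(request, NAME) == null) {
            // Step 1: first visit, so send an identifier that cannot be guessed.
            Cookie cookie = new Cookie(NAME, UUID.randomUUID().toString());
            cookie.setMaxAge(60 * 60 * 24);                 // keep for one day (seconds)
            cookie.setPath(request.getContextPath() + "/"); // limit to this application
            cookie.setHttpOnly(true);                       // not readable by page scripts
            cookie.setSecure(true);                         // only sent over HTTPS
            response.addCookie(cookie);
            response.getWriter().println("new visitor");
        } else {
            // Steps 2 and 3: the browser stored the cookie and sent it back.
            response.getWriter().println("returning visitor");
        }
    }
}
```

The cookie value comes from the client and can be edited there, so it should be treated as an identifier to look up, not as trusted data.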