session tracking in servlets - sns courseware
TRANSCRIPT
Session Tracking in Servlets
• Session simply means a particular interval of time.
• Session Tracking is a way to maintain state (data) of an user. It
is also known as session management in servlet.
• Http protocol is a stateless so we need to maintain state using
session tracking techniques. Each time user requests to the
server, server treats the request as the new request. So we need
to maintain the state of an user to recognize to particular user.
• HTTP is stateless that means each request is considered as the
new request.
Session Tracking Techniques
There are four techniques used in Session tracking:
1. Cookies
2. Hidden Form Field
3. URL Rewriting
4. HttpSession1
16CS302/Internet Programming/Session
Handling – Understanding
Cookies/K.Maheswari AP/CSE
• whenever a user starts using our application, we can save a unique
identification information about him, in an object which is available
throughout the application, until its destroyed.
• So wherever the user goes, we will always have his information and
we can always manage which user is doing what. Whenever a user
wants to exit from your application, destroy the object with his
information.
2
16CS302/Internet Programming/Session
Handling – Understanding
Cookies/K.Maheswari AP/CSE
<form method="post" action="Validate">
User: <input type="text" name="user" /><br/>
Password: <input type="text" name="pass" ><br/>
<input type="submit" value="submit">
</form>
4
16CS302/Internet Programming/Session
Handling – Understanding
Cookies/K.Maheswari AP/CSE
Index.html
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class Validate extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse
response) throws ServletException, IOException
{
response.setContentType("text/html;charset=UTF-8");
String name = request.getParameter("user");
String pass = request.getParameter("pass");
if(pass.equals("1234"))
{
//creating a session
HttpSession session = request.getSession();
session.setAttribute("user", name);
response.sendRedirect("Welcome"); } }}
5
16CS302/Internet Programming/Session
Handling – Understanding
Cookies/K.Maheswari AP/CSE
Validate.java
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class Welcome extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse
response) throws ServletException, IOException
{
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = response.getWriter();
HttpSession session = request.getSession();
String user = (String)session.getAttribute("user");
out.println("Hello "+user);
}
}
6
16CS302/Internet Programming/Session
Handling – Understanding
Cookies/K.Maheswari AP/CSE
16CS302/Internet Programming/Session
Handling – Understanding
Cookies/K.Maheswari AP/CSE
7
<web-app..>
<servlet>
<servlet-name>Validate</servlet-name>
<servlet-class>Validate</servlet-class>
</servlet>
<servlet>
<servlet-name>Welcome</servlet-name>
<servlet-class>Welcome</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Validate</servlet-name>
<url-pattern>/Validate</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Welcome</servlet-name>
<url-pattern>/Welcome</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
</web-app>
Web.xml
Cookies
• small piece of information that is persisted between the multiple client
requests name, a single value, and optional attributes such as a comment,
path and domain qualifiers, a maximum age, and a version number.
• A web server can assign a unique session ID as a cookie to each web
client and for subsequent requests from the client they can be recognized
using the received cookie.
• used for storing client state
8
16CS302/Internet Programming/Session
Handling – Understanding
Cookies/K.Maheswari AP/CSE
Types of Cookie
There are 2 types of cookies in servlets.
1. Non-persistent cookie
2. Persistent cookie
Non-persistent cookie
It is valid for single session only. It is removed each time when
user closes the browser.
Persistent cookie
It is valid for multiple session . It is not removed each time when
user closes the browser. It is removed only if user logout or
signout.
Advantage of Cookies
1. Simplest technique of maintaining the state.
2. Cookies are maintained at client side.
Disadvantage of Cookies
1. It will not work if cookie is disabled from the browser.
2. Only textual information can be set in Cookie object.9
16CS302/Internet Programming/Session
Handling – Understanding
Cookies/K.Maheswari AP/CSE
create Cookie
Cookie ck=new Cookie("user","sony");//creating cookie object
response.addCookie(ck);//adding cookie in the response
delete Cookie
Cookie ck=new Cookie("user","");//deleting value of cookie
ck.setMaxAge(0);//changing the maximum age to 0 seconds
response.addCookie(ck);//adding cookie in the response
12
16CS302/Internet Programming/Session
Handling – Understanding
Cookies/K.Maheswari AP/CSE
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class FirstServlet extends HttpServlet {
public void doPost(HttpServletRequest request, HttpServletResponse response){
try{
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String n=request.getParameter("userName");
out.print("Welcome "+n);
Cookie ck=new Cookie("uname",n);//creating cookie object
response.addCookie(ck);//adding cookie in the response
//creating submit button
out.print("<form action='servlet2'>");
out.print("<input type='submit' value='go'>");
out.print("</form>");
out.close();
}catch(Exception e){System.out.println(e);}
} } 14
16CS302/Internet Programming/Session
Handling – Understanding
Cookies/K.Maheswari AP/CSE
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class SecondServlet extends HttpServlet {
public void doPost(HttpServletRequest request, HttpServletResponse response){
try{
response.setContentType("text/html");
PrintWriter out = response.getWriter();
Cookie ck[]=request.getCookies();
out.print("Hello "+ck[0].getValue());
out.close();
}catch(Exception e){System.out.println(e);}
}
} 15
16CS302/Internet Programming/Session
Handling – Understanding
Cookies/K.Maheswari AP/CSE
<web-app>
<servlet>
<servlet-name>s1</servlet-name>
<servlet-class>FirstServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>s1</servlet-name>
<url-pattern>/servlet1</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>s2</servlet-name>
<servlet-class>SecondServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>s2</servlet-name>
<url-pattern>/servlet2</url-pattern>
</servlet-mapping>
</web-app>
16
16CS302/Internet Programming/Session
Handling – Understanding
Cookies/K.Maheswari AP/CSE
Hidden Form Fields:
• a hidden (invisible) textfield is used for maintaining the state of an user
• <input type="hidden" name="sessionid" value="12345">
• we store the information in the hidden field and get it from another
servlet
• when the form is submitted, the specified name and value are
automatically included in the GET or POST data. Each time when web
browser sends request back, then session_id value can be used to keep
the track of different web browsers.
URL Rewriting
append some extra data on the end of each URL that identifies the session,
and the server can associate that session identifier with data it has stored
about that session.
http://point.com/file.htm;sessionid=12345
18
16CS302/Internet Programming/Session
Handling – Understanding
Cookies/K.Maheswari AP/CSE