Session Tracking in Servlet

  • 8/12/2019 Session Tracking in Servlet

    Introduction

    - A web server forgets who you are after sending a response.
    - HTTP is stateless: when it gets a page request, it has no memory of any previous requests from the same client.
    - This makes it difficult to hold a conversation.
    - Typical example: putting things one at a time into a shopping cart, then checking out. Each page request must somehow be associated with previous requests.
    - The server must be able to keep track of multiple conversations with multiple users.
    - Session tracking is keeping track of what has gone before in a particular conversation.
    - Since HTTP is stateless, it does not do this for you.
    - We have to do it ourselves, in our servlets.

    Options to track client interaction

    - Use a stateful session Enterprise JavaBean: every time a request comes in, the servlet should locate the client's stateful bean.
    - Use a database: store user information in the database.
    - Use an HttpSession: its object can hold conversational state across multiple requests from the same client.

    URL rewriting

    - If the client won't take cookies, you can use URL rewriting as a backup.

    Hidden fields

    - They can be used to store a unique ID.
    - HTML forms can have an entry like the
    - This entry means that, when the form is submitted, the specified name and value are automatically included in the GET or POST data.
    - Not applicable to static pages. Only works for dynamic pages generated after form submission.

    How sessions work

    Problem: how does the container know who the client is?

    - The idea is simple: on the first request the container generates a unique session ID and gives it back to the client.
    - Then the client sends back the session ID with each subsequent request.
    - The container sees the ID, finds the matching session and associates the session with the request.

    How the client and the container exchange the session ID

    - The container generates the session ID for the client as part of the response.
    - The client has to send back the session ID as part of the request.
    - The simplest way is cookies.

    The container does all the cookie work

    HttpSession session = request.getSession();

    This method creates a session; it also causes a cookie to be sent with the response the first time.

    - We don't generate the unique session ID.
    - We don't make the new Cookie object.
    - We don't associate the session ID with the cookie.
    - We don't set the Cookie into the response.

    To know whether a session has already been created or not

    - getSession() returns a session regardless of whether there's a pre-existing session.
    - The way to know if the session is new is to ask the session:

      if (session.isNew())

    - isNew() returns true if the client has not yet responded with this session ID.

    What if the client doesn't accept a cookie: URL rewriting

    - The isNew() method will always return true if cookies are not enabled.
    - URL rewriting: add the session ID to the end of all the URLs in the HTML we send back in the response.
    - URL rewriting kicks in ONLY if cookies fail, and ONLY if we tell the response to encode the URL.

    out.print("<a href=\"" + response.encodeURL("/next-page") + "\">click me</a>"); // "/next-page" is a placeholder target

    When to deactivate session

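    Two ways to set the session timeout

    1) Configuring the session timeout in the DD

    <session-config><session-timeout>15</session-timeout></session-config> <!-- minutes -->

    2) Setting the session timeout for a specific session

    session.setMaxInactiveInterval(20 * 60); // seconds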
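
The calls from the slides above combined in one servlet, as an added example that is not part of the original deck. It assumes the javax.servlet API (Servlet 3.0 or later for @WebServlet); the class name CartServlet, the /cart URL pattern and the "visits" attribute are hypothetical.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet for illustration: the class name, URL pattern and
// the "visits" attribute are assumptions, not names from the slides.
@WebServlet("/cart")
public class CartServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // The container creates the session (or finds the existing one) and
        // handles the session-ID cookie; no Cookie object is built here.
        HttpSession session = request.getSession();

        // Per-session timeout in seconds: 20 minutes of inactivity.
        session.setMaxInactiveInterval(20 * 60);

        // Conversational state is kept in session attributes across requests.
        Integer visits = (Integer) session.getAttribute("visits");
        visits = (visits == null) ? 1 : visits + 1;
        session.setAttribute("visits", visits);

        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        out.println("<html><body>");
        if (session.isNew()) {
            // True until the client sends this session ID back.
            out.println("<p>New session started.</p>");
        } else {
            out.println("<p>Request number " + visits + " in this session.</p>");
        }
        // encodeURL() adds the session ID to the link only when the container
        // cannot rely on the cookie coming back. The ID then appears wherever
        // the URL does (browser history, server logs).
        String link = response.encodeURL(request.getContextPath() + "/cart");
        out.println("<a href=\"" + link + "\">click me</a>");
        out.println("</body></html>");
    }
}
```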

    Summary

    - Even though HTTP is stateless, we can keep track of a client's previous interactions by using HttpSession, cookies and URL rewriting.
    - Sessions, cookies and URL rewriting are all handled by the container.
    - URL rewriting works only when cookies are disabled.