Web Application Development
* These slides have been adapted and modified from CoreServlets course material (Marty Hall) and LUMS cs391 (Umair Javed).
HTTP is a stateless protocol
▪ Every request is considered independent of every other request
Many web applications need to maintain a conversational state with the client
▪ A shopping cart is a classic example
Example Conversations
▪ When clients at an on-line store add an item to their shopping cart, how does the server know what's already in the cart?
▪ When clients decide to proceed to checkout, how can the server determine which previously created cart is theirs?
Server Side?
▪ Makes the server really complicated
▪ State per client!
Client Side?
▪ Server puts little notes on the client side
▪ When the client submits the next form, it also (unknowingly) submits these little notes
▪ Server reads the notes, remembers who the client is
Credit: Programming the World Wide Web Book by Sebesta
Cookies
Advantages
▪ Cookies do not require any server resources since they are stored on the client.
▪ Cookies are easy to implement.
▪ You can configure cookies to expire when the browser session ends (session cookies) or they can exist for a specified length of time on the client computer (persistent cookies).
Disadvantages
▪ Users can delete cookies.
▪ The user's browser can refuse cookies, so your code has to anticipate that possibility.
URL Rewriting
Advantage
▪ Works even if cookies are disabled or unsupported
Disadvantages
▪ Lots of tedious processing
▪ Must encode all URLs that refer to your own site
▪ Links from other sites and bookmarks can fail
For example, the following URLs have been rewritten to pass the session id 123:
Original: http://server:port/servlet/rewrite
Extra path information: http://server:port/servlet/rewrite/123
Added parameter: http://server:port/servlet/rewrite?id=123
Custom change: http://server:port/servlet/rewrite;$id$123
Hidden Fields
Advantage
▪ Works even if cookies are disabled or unsupported
Disadvantages
▪ Lots of tedious processing
▪ All pages must be the result of form submissions
For example:
    <input type="hidden" name="sessionid" value="123">
Session objects live on the server
Automatically associated with client via cookies or URL-rewriting
Checks for a cookie or URL extra info
1. To get the user's session object
Call the getSession() method of the HttpServletRequest class
If false is passed to the getSession() method:
    HttpSession ses = request.getSession(false);
▪ If no current session exists, you will get a null object
If true is passed to the getSession() method:
    HttpSession ses = request.getSession(true);
▪ If the user already has a session, the existing session is returned
▪ If no session exists, a new one is created and returned
2. Storing information in a session
Session objects work like a HashMap
▪ A HashMap is able to store any type of Java object
You can therefore store any number of keys and their values
For example (key "id", value "123"):
    ses.setAttribute("id", "123");
3. Looking up information associated with a session
    String sID = (String) ses.getAttribute("id");
getAttribute() returns an Object type, so you will need to perform a type cast
4. Terminating session
Automatic
▪ The session gets terminated automatically after a set amount of inactive time (getMaxInactiveInterval())
Manual
    ses.invalidate();
HttpServletResponse provides two methods to perform encoding
1. String encodeURL(String URL)
2. String encodeRedirectURL(String URL)
If cookies are disabled
▪ Both methods encode (rewrite) the specified URL to include the session ID and return the new URL
If cookies are enabled
▪ Both methods return the URL unchanged
1. String encodeURL(String URL)
For example:
    String URL = "/servlet/sessiontracker";
    String eURL = response.encodeURL(URL);
    out.println("<A HREF=\"" + eURL + "\">...</A>");
2. String encodeRedirectURL(String URL)
For example:
    String URL = "/servlet/sessiontracker";
    String eURL = response.encodeRedirectURL(URL);
    response.sendRedirect(eURL);
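The four session steps and the two encoding methods above, combined in one shopping-cart servlet. This is an added example, not code from the original slides: the class name CartServlet, the "cart" attribute and the "item" and "logout" parameters are assumptions, and it assumes the javax.servlet API (newer containers use the jakarta.servlet package instead).

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical cart servlet; "cart", "item" and "logout" are made-up names.
public class CartServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String base = request.getContextPath() + request.getServletPath();
        // Step 4 (manual): look up the session without creating one, then end it.
        if (request.getParameter("logout") != null) {
            HttpSession old = request.getSession(false);
            if (old != null) old.invalidate();
            response.sendRedirect(response.encodeRedirectURL(base));
            return;
        }
        // Step 1: existing session, or a new one on the first visit.
        HttpSession ses = request.getSession(true);
        ses.setMaxInactiveInterval(15 * 60); // step 4 (automatic): 15 idle minutes
        // Step 3: getAttribute returns Object and is null until a value is stored.
        @SuppressWarnings("unchecked")
        List<String> cart = (List<String>) ses.getAttribute("cart");
        if (cart == null) {
            cart = new ArrayList<>();
        }
        // The parameter is client-controlled: accept only short numeric item ids.
        String item = request.getParameter("item");
        if (item != null && item.matches("\\d{1,9}")) {
            cart.add(item);
        }
        // Step 2: store (or re-store) the cart under its key.
        ses.setAttribute("cart", cart);
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        out.println("<p>Items in cart: " + cart + "</p>"); // digits only, safe to echo
        // encodeURL adds the session id only when the container cannot rely on cookies.
        out.println("<a href=\"" + response.encodeURL(base + "?item=324") + "\">Add item 324</a>");
        out.println("<a href=\"" + response.encodeURL(base + "?logout=1") + "\">Log out</a>");
    }
}
```

Only the session id travels to the client; the cart itself stays in the server-side session, so the client cannot edit its contents directly.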
[Figure, four panels: Amazon's servlet container holding Session ID = 123XYZ and a shopping cart sc. Panel 1: Request; cart is sc[item 1=324]. Panel 2: Response: Set-Cookie: sid=123XYZ. Panel 3: Request: Set-Cookie: sid=123XYZ. Panel 4: Request: Set-Cookie: sid=123XYZ; cart is now sc[item 1=324 item 2=115].]
Credit: cs193i at Stanford
getAttribute (getValue in old servlet spec 2.1)
▪ Extracts a previously stored value from a session object. Returns null if no value is associated with given name.
setAttribute (putValue in ver. 2.1)
▪ Associates a value with a name. Monitor changes: values implement HttpSessionBindingListener.
removeAttribute (removeValue in ver. 2.1)
▪ Removes values associated with name.
getCreationTime
▪ Returns time at which session was first created
getLastAccessedTime
▪ Returns time at which session was last sent from client
getMaxInactiveInterval, setMaxInactiveInterval
▪ Gets or sets the amount of time session should go without access before being invalidated
invalidate
▪ Invalidates the session and unbinds all objects associated with it
Although it usually uses cookies behind the scenes, the session tracking API is higher-level and easier to use than the cookie API
▪ If the server supports URL-rewriting, your code is unchanged
Session information lives on the server
▪ Cookie or extra URL info associates it with a user
Obtaining session
▪ request.getSession(true)
Associating values with keys
▪ session.setAttribute (or session.putValue)
Finding values associated with keys
▪ session.getAttribute (or session.getValue)
▪ Always check if this value is null