8/12/2019 Session Tracking in Servlet
1/17
8/12/2019 Session Tracking in Servlet
2/17
Introduction Web server forget what you are, after sending a response HTTP is stateless: When it gets a page request, it has no memory
of any previous requests from the same client
This makes it difficult to hold a conversation Typical example: Putting things one at a time into a shopping cart,
then checking out--each page request must somehow be associatedwith previous requests
The server must be able to keep track of multiple conversations withmultiple users
Session tracking is keeping track of what has gone before inparticular conversation Since HTTP is stateless, it does not do this for you
We have to do it yourself, in your servlets
8/12/2019 Session Tracking in Servlet
3/17
Options to track Clients Interaction Use a stateful session enterprise java bean
Every time requests comes in, servlet should locate
clients stateful bean. Use a database
Store user information in database.
Use an HttpSession
Its object can hold conversational state across multiplerequests from the same client.
8/12/2019 Session Tracking in Servlet
4/17
URL rewriting- If client wont take cookies, you can use URL rewriting as abackup.
Hidden fields- It can be used to store a unique ID.- HTML forms can have an entry like the
This entry means that, when the form is submitted, thespecified name and value are automatically included in theGET or POST data.
-Not applicable to static pages. Only works for dynamicpages generated after form submission.
8/12/2019 Session Tracking in Servlet
5/17
How Sessions works
8/12/2019 Session Tracking in Servlet
6/17
8/12/2019 Session Tracking in Servlet
7/17
8/12/2019 Session Tracking in Servlet
8/17
Problem : How does container
know who the client is Idea is simple : On first request the Container
generates a unique session ID and gives it back to theclient.
Then client sends back the session ID with eachsubsequent request.
Container seees the ID, finds the matching session andassociates the session with the request.
8/12/2019 Session Tracking in Servlet
9/17
How client and Container exchange
Session ID Container generates session ID for the client as a part
of response
Client has to send back the session ID as a part ofrequest.
Simplest way is cookies.
8/12/2019 Session Tracking in Servlet
10/17
8/12/2019 Session Tracking in Servlet
11/17
Container does all cookie work HttpSession session=request.getSession();
This method creates a session, it also cause cookie to
be sent with the response for the first time.
-we dont generate unique session ID
-we dont make the new Cookie object
-we dont associate the session ID with the cookie.
-we dont set the Cookie into the response
8/12/2019 Session Tracking in Servlet
12/17
To know whether session already
been created or not getSession() returns a session regardless of whether
theres a pre-existing session.
Way to know if the session is new is to ask the session
- if (session.isNew())
isNew() returns true if the client has not yet respondedwith this session ID.
8/12/2019 Session Tracking in Servlet
13/17
What if Client doesnt accept a
Cookie : URL rewriting isNew() method will always return true if the cookies
are not enabled.
URL rewriting
-add the session ID to the end of all the URLs in theHTML we send back in the Response.
URL rewriting kicks in ONLY if cookies fail, and ONLYif we tell the the response to encode the URL.
out.print( click me );
8/12/2019 Session Tracking in Servlet
14/17
When to deactivate session
8/12/2019 Session Tracking in Servlet
15/17
Two ways for session timeout
1) Configuring session timeout in the DD
15
2) Setting session timeout for a specific session
session.setMexInactiveInterval (20*60);
8/12/2019 Session Tracking in Servlet
16/17
8/12/2019 Session Tracking in Servlet
17/17
Summary Even if HTTP is stateless we can keep track of clients
previous interactions by using HttpSession, Cookies,URL rewriting.
Sessions, Cookies, URL rewriting all are handled byContainer.
URL rewriting works only when cookies are disabled.
Top Related