session tracking and cookies
Post on 30-May-2018
220 Views
Preview:
TRANSCRIPT
-
8/9/2019 Session Tracking and Cookies
1/23
1
Session Tracking
-
8/9/2019 Session Tracking and Cookies
2/23
State Management
State management means remembering client
information across calls.
In web applications state management is
must.
2
-
8/9/2019 Session Tracking and Cookies
3/23
3
Persistent information
A server site typically needs to maintain two kindsofpersistent (remembered) information:
- Information about the session
A session starts when the user logs in or otherwise identifies
himself/herself, and continues until the user logs out or
completes the transaction (for example, makes a purchase)
- Information about the user
U
ser information must generally be maintained much longerthan session information (for example, remembering a
purchase)
This information must be stored on the server, for example
on a file or in a database
-
8/9/2019 Session Tracking and Cookies
4/23
-
8/9/2019 Session Tracking and Cookies
5/23
5
Session tracking solutions
Cookies are small files that the servlet can
store on the client computer, and retrieve later
URL
rewriting: You can append a uniqueID
after the URL to identify the user
Hidden fields can be used to store a
unique ID Javas Session Tracking API can be used to do
most of the work for you
-
8/9/2019 Session Tracking and Cookies
6/23
6
Hidden fields
Advantage:
- Requires the least knowledge: All you need to
know is how to read and write parameters
Disadvantages:
- Not kept across sessions, so useless for maintaining
persistent information about a user
- Since the session ID must be incorporated into
every HTML page, every HTML page must be
dynamically generated
-
8/9/2019 Session Tracking and Cookies
7/23
7
Cookies
A cookie is a small bit of text sent to the client
that can be read again later
- Limitations (for the protection of the client):
Not more than 4KB per cookie (more than enough in
general)
Not more than 20 cookies per site
Not more than 300 cookies total
-
8/9/2019 Session Tracking and Cookies
8/23
Cookies
Cookie is sent to client through Response
object.
The browser returns cookies to the servlet by
adding fields to HTTP request headers.
-
8/9/2019 Session Tracking and Cookies
9/23
9
Using cookies
import javax.servlet.http.*; Constructor: Cookie(String name, String value)
Assuming requestis an HttpServletRequest and response is
an HttpServletResponse,
-response.addCookie(cookie);
- Cookie[ ] cookies = request.getCookies();
String name = cookies[i].getName();
String value = cookies[i].getValue(); There are, of course, many more methods in
the HttpServletRequest,HttpServletResponse, and
Cookie classes in the javax.servlet.http package
-
8/9/2019 Session Tracking and Cookies
10/23
10
Some more Cookie methods
public void setComment(String purpose)
- public String getComment()
public void setMaxAge(int expiry)
- public int getMaxAge()
- Max age in seconds after which cookie will expire
- Ifexpiry is negative, delete when browser exits
- Ifexpiry is zero, delete cookie immediately
-
8/9/2019 Session Tracking and Cookies
11/23
11
Cookies Source Code 1/2import java.io.*;
import javax.servlet.*;import javax.servlet.http.*;
public class CookieExample extendsHttpServlet {
public void doGet(HttpServletRequest request,HttpServletResponseresponse) throws IOException, ServletException {
response.setContentType("text/html");PrintWriter out = response.getWriter();
// print out cookies
Cookie[] cookies = request.getCookies();
for (int i = 0; i < cookies.length; i++) {
Cookie c = cookies[i];String name = c.getName();
String value = c.getValue();
out.println(name + " = " + value);
}
-
8/9/2019 Session Tracking and Cookies
12/23
12
Cookies Source Code 2/2
// set a cookie
String name = request.getParameter
("cookieName");
if (name != null && name.length() > 0) {
String value =
request.getParameter("cookieValue");
Cookie c = new Cookie(name, value);
response.addCookie(c);
}
}}
-
8/9/2019 Session Tracking and Cookies
13/23
Session
Provides a way to identify a user across more
than one page request or visit to a web site & to
store info. About that user.
Session is a instance ofHttpSession Interface
The session persists for a specified time period,
across more than one connection or page
request from the user. Each session is identified by unique session id,
which is sent to client using session cookie.
13
-
8/9/2019 Session Tracking and Cookies
14/23
-
8/9/2019 Session Tracking and Cookies
15/23
15
Servlet Sessions
HttpSession session =
request.getSession();
If null then this is a new session
Force a new session like thisrequest.getSession(true);
-
8/9/2019 Session Tracking and Cookies
16/23
16
Storing Information in Sessions
setAttribute(String name, Object value)
getAttribute(String name)
removeAttribute(String name)
getAttributeNames()
-
8/9/2019 Session Tracking and Cookies
17/23
17
Information About Sessions
getId()
isNew()
getCreationTime()
getLastAccessedTime()
getMaxInactiveInterval()
-
8/9/2019 Session Tracking and Cookies
18/23
State Management Issues
URLRewritting
Security,length of query string
Hidden Fields Used only in HTML form
Cookies
D
epends on client browser setting Session
Most reliable way of handling state.
18
-
8/9/2019 Session Tracking and Cookies
19/23
Inter Servlet Communication
For Inter Servlet Communication
two methods are used:
forward()
include()
-
8/9/2019 Session Tracking and Cookies
20/23
forward()
void forward(ServletRequest
req,ServletResponse res)
Transfers control to
another servlet
-
8/9/2019 Session Tracking and Cookies
21/23
include()
Void include(ServletRequest
req,ServletResponse res)
Calls another servlet and
embeds its output into
current servlets output
-
8/9/2019 Session Tracking and Cookies
22/23
Difference in sendRedirect() &
forward() RequestDispatcher.forward() andHttpServletResponse.sendRedirect() are the
two methods available forU
RL redirecting toanother jsp or servlet.
sendRedirect() is more flexible than forward()
because with sendRedirect() you can connectto any URL outside the webapplicationwhereas forward() will work only withinthe web application.
-
8/9/2019 Session Tracking and Cookies
23/23
Difference in sendRedirect() &
forward()
sendRedirect() is slower than forward()
sendRedirect() is on the client side whereas
forward() is on the server side.
top related