sessions orientation

8/6/2019 Sessions Orientation

http://slidepdf.com/reader/full/sessions-orientation 1/17

WWebeb PProgramming and &rogramming and &

UUser ser IInterfacenterface DDesignesignWeek 3Week 3



Learning ObjectivesLearning Objectives Server side Validation with Login form

Introduction to Sessions

Java Server Pages and MVC architecture



INTRODUCTION TOINTRODUCTION TOSessionsSessions



WebsphereWebsphere JavaJava ServletServlet

Request ProcessingRequest Processing

Internet

Browser

Client

HTTP

Server

HelloWorld.class

http://eagle.acadiau.ca/demo/servlet/HelloWorld

Tomcat

App. Server

servlet/HelloWorld

demo/servlet/ equates to

«/demo/WEB-INF/classes/HelloWorld.class

HTML

JVM



HTTP is ConnectionlessHTTP is Connectionless

The HTTP protocol is connectionlessThe HTTP protocol is connectionless

KnowledgeKnowledge of of prior prior pages pages visitedvisited or,or, for for example,example, products products placed placed inin aa shoppingshopping cartcartareare easilyeasily lostlost

SoSo howhow cancan server server applicationsapplications maintainmaintain aasensesense of of aa sessionsession withwith aa client?client?

± ± hidden fieldshidden fields ± ± cookiescookies

± ± session controlsession control



Hidden Fields in HTMLHidden Fields in HTML

Solution comes from CGI periodSolution comes from CGI period

Server hides session information within HTML Server hides session information within HTML

returned to the clientreturned to the client

FORM field INPUT type can be set to ³hidden´FORM field INPUT type can be set to ³hidden´

<INPUT TYPE=³hidden´ NAME=³itemsbought´<INPUT TYPE=³hidden´ NAME=³itemsbought´

VALUE=³209087,342901´>VALUE=³209087,342901´>

Field name and value will be returned to the server Field name and value will be returned to the server by the client when the client submits the form by the client when the client submits the form

request to the server request to the server



Hidden Fields in HTMLHidden Fields in HTML

Problems with this method?Problems with this method?

± ± User can see the hidden info (use source view)User can see the hidden info (use source view) ± ± Causes a lot of additional HTTP trafficCauses a lot of additional HTTP traffic

± ± Session info is lost if HTML (that containsSession info is lost if HTML (that contains

hidden fields) is losthidden fields) is lost



Servlets and CookiesServlets and Cookies

Solution comes from CGI period but has evolved with JavaSolution comes from CGI period but has evolved with Javaservletsservlets

ServletsServlets send a small piece of data to the client that getssend a small piece of data to the client that getswritten to a secure disk area:written to a secure disk area:

How does theHow does the servletservlet do this?do this?Cookie c = new Cookie(name, value);Cookie c = new Cookie(name, value);

response.addCookieresponse.addCookie(c)(c)

So the session data (products placed in the users shoppingSo the session data (products placed in the users shoppingcart) can be stored in cookiecart) can be stored in cookie

Or simply an ID can be placed in the cookie and the server Or simply an ID can be placed in the cookie and the server can maintain the session datacan maintain the session data




Client browsers will check to see if there isClient browsers will check to see if there is

a cookie associated with any request to aa cookie associated with any request to a

server (UR L

) or a particular server/path «server (UR L

) or a particular server/path «The server can establish the UR L specificsThe server can establish the UR L specifics::Cookie c = new Cookie(name, value);Cookie c = new Cookie(name, value);

c.setDomainc.setDomain(eagle.acadiau.ca);(eagle.acadiau.ca);

c.setPathc.setPath(/);(/);

Could be more specific if desired « theCould be more specific if desired « the

above is the defaultabove is the default




Whenever Whenever aa newnew requestrequest isis sentsent toto thethe

server server itit checkschecks toto seesee if if aa cookiecookie isis

includedincluded::Cookie[] cookies =Cookie[] cookies = request.getCookiesrequest.getCookies();();

for (for (intint ii = 0;= 0; ii << cookies.lengthcookies.length;; ii++) {++) {

Cookie c = cookies[Cookie c = cookies[ii];];

String name =String name = c.getNamec.getName();();

String value =String value = c.getValuec.getValue();();

}}




Problems with this method?Problems with this method?

± ± CookiesCookies havehave limitlimit lifelife ((servletservlet,, browser) browser) andandsizesize ((44k k bytes) bytes)

± ± MaximumMaximum number number of of cookiescookies setset by by browser browser

± ± User User maymay disabledisable cookiecookie acceptanceacceptance

± ± CanCan be be inefficientinefficient inin termsterms of of datadatacommunicationscommunications



Servlets and SessionsServlets and Sessions

SolutionSolution isis mostmost commonlycommonly usedused withwith JavaJava

servletsservlets andand JSPsJSPs

TheThe ServletServlet JDK JDK comescomes withwith HTTPHTTP classclassthatthat facilitatesfacilitates sessionsession managementmanagement --

HttpSessionHttpSession

AA sessionsession isis aa connectionconnection between between aa clientclientandand server server thatthat persists persists over over multiplemultiple HTTPHTTP

requestrequest // responsesresponses




AA newnew sessionsession isis establishedestablished by by usingusing thethe

getSessiongetSession()() methodmethod of of HttpSessionHttpSession classclass::HttpSessionHttpSession sessionsession == reqreq..getsessiongetsession(true)(true);;

If If parameter parameter == ³true´³true´ thethe servletservlet engineengine checkschecks totoseesee if if anan sessionsession alreadyalready exists,exists, if if soso aa handlehandle isis

returned,returned, otherwiseotherwise aa newnew sessionsession isis createdcreated

Therefore,Therefore, moremore thanthan oneone servletservlet cancan participate participate inin

aa sessionsession

Cookies are used to identify a session on the clientCookies are used to identify a session on the client




Session objects contain various information:Session objects contain various information:HttpSession session = request.getSession();HttpSession session = request.getSession();

out.println(rb.getString("sessions.id") + " " + session.getId());out.println(rb.getString("sessions.id") + " " + session.getId());

out.println("<br>");out.println("<br>"); [NOTE: rb is a resource bundle class[NOTE: rb is a resource bundle class replace rb.getString() with ASCII text for your own purposes]replace rb.getString() with ASCII text for your own purposes]

out.println(rb.getString("sessions.created") + " ");out.println(rb.getString("sessions.created") + " ");

out.println(new Date(session.getCreationTime()) + "<br>");out.println(new Date(session.getCreationTime()) + "<br>");

out.println(rb.getString("sessions.lastaccessed") + " ");out.println(rb.getString("sessions.lastaccessed") + " ");out.println(new Date(session.getLastAccessedTime()));out.println(new Date(session.getLastAccessedTime()));




Data stored as attributeData stored as attribute--value pairsvalue pairs Three keyThree key HttpSessionHttpSession methods:methods:

± ± setAttributesetAttribute((dataNamedataName,, dataValuedataValue))

± ± getAttributeNamesgetAttributeNames(),(), getAttributegetAttribute((dataNamedataName))

Examples:Examples:

StringString dataNamedataName == request.getParameterrequest.getParameter("("datanamedataname");");

StringString dataValuedataValue == request.getParameterrequest.getParameter("("datavaluedatavalue");");if (if (dataNamedataName != null &&!= null && dataValuedataValue != null) {!= null) {

session.setAttributesession.setAttribute((dataNamedataName,, dataValuedataValue););}}

Enumeration names =Enumeration names = session.getAttributeNamessession.getAttributeNames();();while (while (names.hasMoreElementsnames.hasMoreElements()) {()) {String name = (String)String name = (String) names.nextElementnames.nextElement();();

String value =String value = session.getAttributesession.getAttribute(name).(name).toStringtoString();();out.printlnout.println(name + " = " + value + "<(name + " = " + value + "<brbr>");>");

}}



THE ENDTHE END

sessions orientation

Documents