sessions orientation
TRANSCRIPT
8/6/2019 Sessions Orientation
http://slidepdf.com/reader/full/sessions-orientation 1/17
WWebeb PProgramming and &rogramming and &
UUser ser IInterfacenterface DDesignesignWeek 3Week 3
8/6/2019 Sessions Orientation
http://slidepdf.com/reader/full/sessions-orientation 2/17
Learning ObjectivesLearning Objectives Server side Validation with Login form
Introduction to Sessions
Java Server Pages and MVC architecture
8/6/2019 Sessions Orientation
http://slidepdf.com/reader/full/sessions-orientation 3/17
INTRODUCTION TOINTRODUCTION TOSessionsSessions
8/6/2019 Sessions Orientation
http://slidepdf.com/reader/full/sessions-orientation 4/17
8/6/2019 Sessions Orientation
http://slidepdf.com/reader/full/sessions-orientation 5/17
WebsphereWebsphere JavaJava ServletServlet
Request ProcessingRequest Processing
Internet
Browser
Client
HTTP
Server
HelloWorld.class
http://eagle.acadiau.ca/demo/servlet/HelloWorld
Tomcat
App. Server
servlet/HelloWorld
demo/servlet/ equates to
«/demo/WEB-INF/classes/HelloWorld.class
HTML
JVM
8/6/2019 Sessions Orientation
http://slidepdf.com/reader/full/sessions-orientation 6/17
HTTP is ConnectionlessHTTP is Connectionless
The HTTP protocol is connectionlessThe HTTP protocol is connectionless
KnowledgeKnowledge of of prior prior pages pages visitedvisited or,or, for for example,example, products products placed placed inin aa shoppingshopping cartcartareare easilyeasily lostlost
SoSo howhow cancan server server applicationsapplications maintainmaintain aasensesense of of aa sessionsession withwith aa client?client?
± ± hidden fieldshidden fields ± ± cookiescookies
± ± session controlsession control
8/6/2019 Sessions Orientation
http://slidepdf.com/reader/full/sessions-orientation 7/17
Hidden Fields in HTMLHidden Fields in HTML
Solution comes from CGI periodSolution comes from CGI period
Server hides session information within HTML Server hides session information within HTML
returned to the clientreturned to the client
FORM field INPUT type can be set to ³hidden´FORM field INPUT type can be set to ³hidden´
<INPUT TYPE=³hidden´ NAME=³itemsbought´<INPUT TYPE=³hidden´ NAME=³itemsbought´
VALUE=³209087,342901´>VALUE=³209087,342901´>
Field name and value will be returned to the server Field name and value will be returned to the server by the client when the client submits the form by the client when the client submits the form
request to the server request to the server
8/6/2019 Sessions Orientation
http://slidepdf.com/reader/full/sessions-orientation 8/17
Hidden Fields in HTMLHidden Fields in HTML
Problems with this method?Problems with this method?
± ± User can see the hidden info (use source view)User can see the hidden info (use source view) ± ± Causes a lot of additional HTTP trafficCauses a lot of additional HTTP traffic
± ± Session info is lost if HTML (that containsSession info is lost if HTML (that contains
hidden fields) is losthidden fields) is lost
8/6/2019 Sessions Orientation
http://slidepdf.com/reader/full/sessions-orientation 9/17
Servlets and CookiesServlets and Cookies
Solution comes from CGI period but has evolved with JavaSolution comes from CGI period but has evolved with Javaservletsservlets
ServletsServlets send a small piece of data to the client that getssend a small piece of data to the client that getswritten to a secure disk area:written to a secure disk area:
How does theHow does the servletservlet do this?do this?Cookie c = new Cookie(name, value);Cookie c = new Cookie(name, value);
response.addCookieresponse.addCookie(c)(c)
So the session data (products placed in the users shoppingSo the session data (products placed in the users shoppingcart) can be stored in cookiecart) can be stored in cookie
Or simply an ID can be placed in the cookie and the server Or simply an ID can be placed in the cookie and the server can maintain the session datacan maintain the session data
8/6/2019 Sessions Orientation
http://slidepdf.com/reader/full/sessions-orientation 10/17
Servlets and CookiesServlets and Cookies
Client browsers will check to see if there isClient browsers will check to see if there is
a cookie associated with any request to aa cookie associated with any request to a
server (UR L
) or a particular server/path «server (UR L
) or a particular server/path «The server can establish the UR L specificsThe server can establish the UR L specifics::Cookie c = new Cookie(name, value);Cookie c = new Cookie(name, value);
c.setDomainc.setDomain(eagle.acadiau.ca);(eagle.acadiau.ca);
c.setPathc.setPath(/);(/);
Could be more specific if desired « theCould be more specific if desired « the
above is the defaultabove is the default
8/6/2019 Sessions Orientation
http://slidepdf.com/reader/full/sessions-orientation 11/17
Servlets and CookiesServlets and Cookies
Whenever Whenever aa newnew requestrequest isis sentsent toto thethe
server server itit checkschecks toto seesee if if aa cookiecookie isis
includedincluded::Cookie[] cookies =Cookie[] cookies = request.getCookiesrequest.getCookies();();
for (for (intint ii = 0;= 0; ii << cookies.lengthcookies.length;; ii++) {++) {
Cookie c = cookies[Cookie c = cookies[ii];];
String name =String name = c.getNamec.getName();();
String value =String value = c.getValuec.getValue();();
}}
8/6/2019 Sessions Orientation
http://slidepdf.com/reader/full/sessions-orientation 12/17
Servlets and CookiesServlets and Cookies
Problems with this method?Problems with this method?
± ± CookiesCookies havehave limitlimit lifelife ((servletservlet,, browser) browser) andandsizesize ((44k k bytes) bytes)
± ± MaximumMaximum number number of of cookiescookies setset by by browser browser
± ± User User maymay disabledisable cookiecookie acceptanceacceptance
± ± CanCan be be inefficientinefficient inin termsterms of of datadatacommunicationscommunications
8/6/2019 Sessions Orientation
http://slidepdf.com/reader/full/sessions-orientation 13/17
Servlets and SessionsServlets and Sessions
SolutionSolution isis mostmost commonlycommonly usedused withwith JavaJava
servletsservlets andand JSPsJSPs
TheThe ServletServlet JDK JDK comescomes withwith HTTPHTTP classclassthatthat facilitatesfacilitates sessionsession managementmanagement --
HttpSessionHttpSession
AA sessionsession isis aa connectionconnection between between aa clientclientandand server server thatthat persists persists over over multiplemultiple HTTPHTTP
requestrequest // responsesresponses
8/6/2019 Sessions Orientation
http://slidepdf.com/reader/full/sessions-orientation 14/17
Servlets and SessionsServlets and Sessions
AA newnew sessionsession isis establishedestablished by by usingusing thethe
getSessiongetSession()() methodmethod of of HttpSessionHttpSession classclass::HttpSessionHttpSession sessionsession == reqreq..getsessiongetsession(true)(true);;
If If parameter parameter == ³true´³true´ thethe servletservlet engineengine checkschecks totoseesee if if anan sessionsession alreadyalready exists,exists, if if soso aa handlehandle isis
returned,returned, otherwiseotherwise aa newnew sessionsession isis createdcreated
Therefore,Therefore, moremore thanthan oneone servletservlet cancan participate participate inin
aa sessionsession
Cookies are used to identify a session on the clientCookies are used to identify a session on the client
8/6/2019 Sessions Orientation
http://slidepdf.com/reader/full/sessions-orientation 15/17
Servlets and SessionsServlets and Sessions
Session objects contain various information:Session objects contain various information:HttpSession session = request.getSession();HttpSession session = request.getSession();
out.println(rb.getString("sessions.id") + " " + session.getId());out.println(rb.getString("sessions.id") + " " + session.getId());
out.println("<br>");out.println("<br>"); [NOTE: rb is a resource bundle class[NOTE: rb is a resource bundle class replace rb.getString() with ASCII text for your own purposes]replace rb.getString() with ASCII text for your own purposes]
out.println(rb.getString("sessions.created") + " ");out.println(rb.getString("sessions.created") + " ");
out.println(new Date(session.getCreationTime()) + "<br>");out.println(new Date(session.getCreationTime()) + "<br>");
out.println(rb.getString("sessions.lastaccessed") + " ");out.println(rb.getString("sessions.lastaccessed") + " ");out.println(new Date(session.getLastAccessedTime()));out.println(new Date(session.getLastAccessedTime()));
8/6/2019 Sessions Orientation
http://slidepdf.com/reader/full/sessions-orientation 16/17
Servlets and SessionsServlets and Sessions
Data stored as attributeData stored as attribute--value pairsvalue pairs Three keyThree key HttpSessionHttpSession methods:methods:
± ± setAttributesetAttribute((dataNamedataName,, dataValuedataValue))
± ± getAttributeNamesgetAttributeNames(),(), getAttributegetAttribute((dataNamedataName))
Examples:Examples:
StringString dataNamedataName == request.getParameterrequest.getParameter("("datanamedataname");");
StringString dataValuedataValue == request.getParameterrequest.getParameter("("datavaluedatavalue");");if (if (dataNamedataName != null &&!= null && dataValuedataValue != null) {!= null) {
session.setAttributesession.setAttribute((dataNamedataName,, dataValuedataValue););}}
Enumeration names =Enumeration names = session.getAttributeNamessession.getAttributeNames();();while (while (names.hasMoreElementsnames.hasMoreElements()) {()) {String name = (String)String name = (String) names.nextElementnames.nextElement();();
String value =String value = session.getAttributesession.getAttribute(name).(name).toStringtoString();();out.printlnout.println(name + " = " + value + "<(name + " = " + value + "<brbr>");>");
}}
8/6/2019 Sessions Orientation
http://slidepdf.com/reader/full/sessions-orientation 17/17
THE ENDTHE END