Web Application Development
* These slides have been adapted and modified from CoreServlets course material (Marty Hall) and LUMS cs391 (Umair Javed).
HTTP is a stateless protocol
▪ Every request is considered independent of every other request
Many web applications need to maintain a conversational state with the client
▪ A shopping cart is a classic example
Example Conversations
▪ When clients at on-line store add item to their shopping cart, how does server know what’s already in cart?
▪ When clients decide to proceed to checkout, how can server determine which previously created cart is theirs?
Server Side?
▪ Makes Server Really Complicated
▪ State per client!
Client Side?
Server puts little notes on the client side
When client submits the next form, it also (unknowingly) submits these little notes
Server reads the notes, remembers who the client is
Credit: Programming the World Wide Web Book by Sebesta
Cookies
Advantages
▪ Cookies do not require any server resources since they are stored on the client.
▪ Cookies are easy to implement.
▪ You can configure cookies to expire when the browser session ends (session cookies) or they can exist for a specified length of time on the client computer (persistent cookies).
Disadvantages
▪ Users can delete cookies.
▪ A user's browser can refuse cookies, so your code has to anticipate that possibility.
URL Rewriting
Advantage
▪ Works even if cookies are disabled or unsupported
Disadvantages
▪ Lots of tedious processing
▪ Must encode all URLs that refer to your own site
▪ Links from other sites and bookmarks can fail
For example, the following URLs have been rewritten to pass the session id 123
▪ Original: http://server:port/servlet/rewrite
▪ Extra path information: http://server:port/servlet/rewrite/123
▪ Added parameter: http://server:port/servlet/rewrite?id=123
▪ Custom change: http://server:port/servlet/rewrite;$id$123
Hidden Fields
Advantage
▪ Works even if cookies are disabled or unsupported
Disadvantages
▪ Lots of tedious processing
▪ All pages must be the result of form submissions
<input type="hidden" name="sessionid" value="123">
Session objects live on the server
Automatically associated with client via cookies or URL-rewriting
Checks for a cookie or URL extra info
1. To get the user’s session object
Call the getSession() method of HttpServletRequest
Pass false to the getSession() method:
HttpSession ses = request.getSession(false);
If no current session exists:
▪ You will get a null object
1. To get the user’s session object (cont.)
If true is passed to the getSession() method then
If user already has a session
▪ the existing session is returned
If no session exists
▪ a new one is created and returned
For example:
HttpSession ses = request.getSession(true);
2. Storing information in a session
Session objects work like a HashMap
▪ HashMap is able to store any type of Java object
You can therefore store any number of keys and their values
For example:
ses.setAttribute("id", "123");
▪ "id" is the key, "123" is the value
3. Looking up information associated with a session
String sID = (String) ses.getAttribute("id");
▪ getAttribute returns an Object type, so you will need to perform a type cast
4. Terminating session
Automatic
▪ The session is terminated automatically after a period of inactivity ( getMaxInactiveInterval() )
Manual
▪ ses.invalidate();
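
Steps 1 to 4 put together in one servlet, as an added example that is not part of the original slides. The class name, the mapping to the path `cart`, the `action`/`item` parameters and the `cart` key are assumptions; it uses the `javax.servlet` package names (newer containers use `jakarta.servlet`).

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet: the class name, the "action"/"item" parameters and the
// "cart" attribute key are assumptions made for this example.
public class CartServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        response.setContentType("text/plain");
        PrintWriter out = response.getWriter();

        if ("checkout".equals(request.getParameter("action"))) {
            // Step 1 with false: look up the session without creating one.
            HttpSession ses = request.getSession(false);
            if (ses == null) {
                out.println("No session, nothing to check out.");
                return;
            }
            // Step 3: getAttribute returns Object (or null): cast, then null-check.
            @SuppressWarnings("unchecked")
            List<String> cart = (List<String>) ses.getAttribute("cart");
            out.println("Checking out " + (cart == null ? 0 : cart.size()) + " item(s)");
            ses.invalidate(); // Step 4: manual termination
            return;
        }

        // Step 1 with true: reuse the caller's session or create a new one.
        HttpSession ses = request.getSession(true);
        ses.setMaxInactiveInterval(15 * 60); // Step 4: automatic termination, in seconds
        @SuppressWarnings("unchecked")
        List<String> cart = (List<String>) ses.getAttribute("cart");
        if (cart == null) cart = new ArrayList<>();
        String item = request.getParameter("item");
        if (item != null) cart.add(item);
        ses.setAttribute("cart", cart); // Step 2: store the value under a key
        out.println("Items in cart: " + cart.size());
        // The container appends the session id only if it cannot rely on the cookie.
        out.println("Post the next item to: " + response.encodeURL("cart"));
    }
}
```
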
HttpServletResponse provides two methods to perform encoding
1. String encodeURL(String URL)
2. String encodeRedirectURL(String URL)
If cookies are disabled
▪ Both methods encode (rewrite) the specified URL to include the session ID and return the new URL
If cookies are enabled
▪ Both methods return the URL unchanged
1. String encodeURL(String URL)
For example
String URL = "/servlet/sessiontracker";
String eURL = response.encodeURL(URL);
out.println("<A HREF=\"" + eURL + "\">...</A>");
2. String encodeRedirectURL(String URL)
For example
String URL = "/servlet/sessiontracker";
String eURL = response.encodeRedirectURL(URL);
response.sendRedirect(eURL);
Diagram: Amazon, Servlet Container
▪ Session ID = 123XYZ
▪ Shopping Cart sc [item 1=324]
▪ Request
Credit: cs193i at Stanford
Diagram: Amazon, Servlet Container
▪ Session ID = 123XYZ
▪ Shopping Cart sc [item 1=324]
▪ Response: Set-Cookie: sid=123XYZ
Credit: cs193i at Stanford
Diagram: Amazon, Servlet Container
▪ Session ID = 123XYZ
▪ Shopping Cart sc [item 1=324]
▪ Request: Cookie: sid=123XYZ
Credit: cs193i at Stanford
Diagram: Amazon, Servlet Container
▪ Session ID = 123XYZ
▪ Shopping Cart sc [item 1=324, item 2=115]
▪ Request: Cookie: sid=123XYZ
Credit: cs193i at Stanford
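
The bookkeeping behind the four diagram slides above, as an added example in plain Java that is not part of the original slides or of any servlet container's code. The cookie carries only a random id, the cart stays in a server-side map, and an id the server never issued (the constructed `sid=123`) gets a fresh session instead of being adopted. Class, method and cookie attribute choices are assumptions; `HexFormat` needs Java 17 or later.

```java
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HexFormat;
import java.util.List;
import java.util.Map;

// Constructed model of the container's bookkeeping; not a real servlet container.
public class SessionExchangeDemo {
    private static final SecureRandom RNG = new SecureRandom();
    // Server-side state: session id -> shopping cart (item numbers).
    private static final Map<String, List<Integer>> SESSIONS = new HashMap<>();

    // Handles one request. cookieHeader is the value of the Cookie header, or null.
    // Returns the Set-Cookie value to send back, or null when none is needed.
    static String handle(String cookieHeader, int itemId) {
        String sid = null;
        if (cookieHeader != null) {
            for (String pair : cookieHeader.split(";")) {
                String[] kv = pair.trim().split("=", 2);
                if (kv.length == 2 && kv[0].equals("sid")) sid = kv[1];
            }
        }
        String setCookie = null;
        if (sid == null || !SESSIONS.containsKey(sid)) {
            // Missing or unknown id: issue a fresh random one, never adopt the client's value.
            byte[] raw = new byte[16];
            RNG.nextBytes(raw);
            sid = HexFormat.of().formatHex(raw);
            SESSIONS.put(sid, new ArrayList<>());
            setCookie = "sid=" + sid + "; HttpOnly; Path=/";
        }
        SESSIONS.get(sid).add(itemId);
        System.out.println("cart for " + sid.substring(0, 6) + "...: " + SESSIONS.get(sid));
        return setCookie;
    }

    public static void main(String[] args) {
        String setCookie = handle(null, 324);     // first request, no cookie: new session
        String cookie = setCookie.split(";")[0];  // the browser stores and returns "sid=<id>"
        handle(cookie, 115);                      // same session: cart is [324, 115]
        handle("sid=123", 999);                   // constructed guessed id: separate new cart
    }
}
```
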
getAttribute (getValue in old servlet spec 2.1)
▪ Extracts a previously stored value from a session object. Returns null if no value is associated with given name.
setAttribute (putValue in ver. 2.1)
▪ Associates a value with a name. Monitor changes: values implement HttpSessionBindingListener.
removeAttribute (removeValue in ver. 2.1)
▪ Removes values associated with name.
getCreationTime
▪ Returns time at which session was first created
getLastAccessedTime
▪ Returns time at which session was last sent from client
getMaxInactiveInterval, setMaxInactiveInterval
▪ Gets or sets the amount of time session should go without access before being invalidated
invalidate
▪ Invalidates the session and unbinds all objects associated with it
Although it usually uses cookies behind the scenes, the session tracking API is higher-level and easier to use than the cookie API
▪ If server supports URL-rewriting, your code unchanged
Session information lives on server
▪ Cookie or extra URL info associates it with a user
Obtaining session
▪ request.getSession(true)
Associating values with keys
▪ session.setAttribute (or session.putValue)
Finding values associated with keys
▪ session.getAttribute (or session.getValue)
▪ Always check if this value is null