Session Tracking and Cookies


  • 8/9/2019 Session Tracking and Cookies


    Session Tracking


    State Management

    State management means remembering client information across calls.

    In web applications, state management is a must.


    Persistent information

    A server site typically needs to maintain two kinds of persistent (remembered) information:

    - Information about the session

      A session starts when the user logs in or otherwise identifies himself/herself, and continues until the user logs out or completes the transaction (for example, makes a purchase)

    - Information about the user

      User information must generally be maintained much longer than session information (for example, remembering a purchase)

      This information must be stored on the server, for example in a file or in a database


    Session tracking solutions

    Cookies are small files that the servlet can store on the client computer, and retrieve later

    URL rewriting: You can append a unique ID after the URL to identify the user

    Hidden fields can be used to store a unique ID

    Java's Session Tracking API can be used to do most of the work for you


    Hidden fields

    Advantage:

    - Requires the least knowledge: All you need to know is how to read and write parameters

    Disadvantages:

    - Not kept across sessions, so useless for maintaining persistent information about a user

    - Since the session ID must be incorporated into every HTML page, every HTML page must be dynamically generated


    Cookies

    A cookie is a small bit of text sent to the client that can be read again later

    - Limitations (for the protection of the client):

      Not more than 4KB per cookie (more than enough in general)

      Not more than 20 cookies per site

      Not more than 300 cookies total


    A cookie is sent to the client through the response object.

    The browser returns cookies to the servlet by adding fields to HTTP request headers.


    Using cookies

    import javax.servlet.http.*;

    Constructor: Cookie(String name, String value)

    Assuming request is an HttpServletRequest and response is an HttpServletResponse,

    - response.addCookie(cookie);

    - Cookie[] cookies = request.getCookies();

      String name = cookies[i].getName();

      String value = cookies[i].getValue();

    There are, of course, many more methods in the HttpServletRequest, HttpServletResponse, and Cookie classes in the javax.servlet.http package


    Some more Cookie methods

    public void setComment(String purpose)

    - public String getComment()

    public void setMaxAge(int expiry)

    - public int getMaxAge()

    - Max age in seconds after which cookie will expire

    - If expiry is negative, delete when browser exits

    - If expiry is zero, delete cookie immediately


    Cookies Source Code

    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class CookieExample extends HttpServlet {

        public void doGet(HttpServletRequest request, HttpServletResponse response)
                throws IOException, ServletException {
            response.setContentType("text/html");
            PrintWriter out = response.getWriter();

            // print out cookies
            // getCookies() returns null when the request carries no cookies
            Cookie[] cookies = request.getCookies();
            if (cookies != null) {
                for (int i = 0; i < cookies.length; i++) {
                    Cookie c = cookies[i];
                    // names and values are client-supplied text
                    String name = c.getName();
                    String value = c.getValue();
                    out.println(name + " = " + value);
                }
            }

            // set a cookie from the cookieName and cookieValue request parameters
            String name = request.getParameter("cookieName");
            if (name != null && name.length() > 0) {
                String value = request.getParameter("cookieValue");
                Cookie c = new Cookie(name, value);
                response.addCookie(c);
            }
        }
    }
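
    A hardened variant of the cookie handling above, as an added example that is not part of the original slides: it HTML-encodes cookie text before echoing it, fixes the cookie name instead of taking it from the request, and sets the attributes that limit where the cookie is sent. The class name, the cookie name "theme", the value pattern and the escape helper are assumptions; setHttpOnly() needs Servlet 3.0 or later.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example (hypothetical class name), not code from the slides.
public class SafeCookieExample extends HttpServlet {

    // HTML-encode text that came from the client before writing it into a page.
    static String escape(String s) {
        if (s == null) return "";
        return s.replace("&", "&amp;").replace("<", "&lt;")
                .replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&#39;");
    }

    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();

        Cookie[] cookies = request.getCookies();   // null when no Cookie header was sent
        if (cookies != null) {
            for (Cookie c : cookies) {
                out.println(escape(c.getName()) + " = " + escape(c.getValue()) + "<br>");
            }
        }

        // Fixed cookie name; only the value comes from the request, and it is
        // checked against an allow-list pattern before being stored.
        String value = request.getParameter("cookieValue");
        if (value != null && value.matches("[A-Za-z0-9_-]{1,64}")) {
            Cookie c = new Cookie("theme", value);      // "theme" is a constructed name
            c.setHttpOnly(true);                        // not readable from page scripts
            c.setSecure(true);                          // only returned over HTTPS
            c.setPath(request.getContextPath() + "/");  // scope to this application
            c.setMaxAge(60 * 60);                       // one hour, in seconds
            response.addCookie(c);
        }
    }
}
```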


    Session

    Provides a way to identify a user across more than one page request or visit to a web site, and to store information about that user.

    A session is an instance of the HttpSession interface.

    The session persists for a specified time period, across more than one connection or page request from the user.

    Each session is identified by a unique session ID, which is sent to the client using a session cookie.


    Servlet Sessions

    HttpSession session = request.getSession(false);

    If null, no session exists yet, so this is a new session

    Force a new session like this: request.getSession(true);


    Storing Information in Sessions

    setAttribute(String name, Object value)

    getAttribute(String name)

    removeAttribute(String name)

    getAttributeNames()


    Information About Sessions

    getId()

    isNew()

    getCreationTime()

    getLastAccessedTime()

    getMaxInactiveInterval()
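
    The session calls listed on the last three slides, put together in a login flow as an added example that is not part of the original slides. It discards any pre-login session before creating the authenticated one, so a session ID issued before login is never reused afterwards. The class name, the "user" attribute, the parameter names and the checkCredentials() hook (left to the application) are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example (hypothetical class and attribute names), not code from the slides.
public abstract class LoginServlet extends HttpServlet {

    // Assumption: the application supplies its own credential check.
    protected abstract boolean checkCredentials(String user, String password);

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        String user = request.getParameter("user");
        if (!checkCredentials(user, request.getParameter("password"))) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // getSession(false) returns null when the request carries no valid session.
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate();   // drop the pre-login session and its ID
        }
        HttpSession session = request.getSession(true);   // creates a fresh session
        session.setAttribute("user", user);
        session.setMaxInactiveInterval(15 * 60);           // idle timeout in seconds
        response.setContentType("text/plain;charset=UTF-8");
        response.getWriter().println("new=" + session.isNew()
                + " created=" + session.getCreationTime()
                + " timeout=" + session.getMaxInactiveInterval());
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        HttpSession session = request.getSession(false);   // never create one here
        if (session == null || session.getAttribute("user") == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        response.setContentType("text/plain;charset=UTF-8");
        response.getWriter().println("logged in as " + session.getAttribute("user"));
    }
}
```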


    State Management Issues

    URL Rewriting

    Security, length of query string

    Hidden Fields

    Used only in HTML form

    Cookies

    Depends on client browser setting

    Session

    Most reliable way of handling state.


    Inter Servlet Communication

    For Inter Servlet Communication two methods are used:

    forward()

    include()


    forward()

    void forward(ServletRequest req, ServletResponse res)

    Transfers control to another servlet


    include()

    void include(ServletRequest req, ServletResponse res)

    Calls another servlet and embeds its output into the current servlet's output


    Difference in sendRedirect() & forward()

    RequestDispatcher.forward() and HttpServletResponse.sendRedirect() are the two methods available for URL redirecting to another JSP or servlet.

    sendRedirect() is more flexible than forward() because with sendRedirect() you can connect to any URL outside the web application, whereas forward() will work only within the web application.


    sendRedirect() is slower than forward()

    sendRedirect() is on the client side whereas forward() is on the server side.
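
    The three calls side by side, as an added example that is not part of the original slides. Because sendRedirect() accepts any URL, the redirect branch only follows a request-supplied target when it is a path inside the application. The class name, the "action" and "next" parameters, and the paths /home, /footer and /WEB-INF/view.jsp are assumptions.

```java
import java.io.IOException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example (hypothetical paths and parameter names), not code from the slides.
public class DispatchServlet extends HttpServlet {

    // Accept only paths inside this application as redirect targets.
    static boolean isLocalPath(String target) {
        return target != null && target.startsWith("/")
                && !target.startsWith("//") && !target.contains("\\")
                && !target.contains("\r") && !target.contains("\n");
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        String action = request.getParameter("action");

        if ("redirect".equals(action)) {
            // Client side: the browser receives a redirect and issues a second
            // request, so request attributes are lost and the address bar changes.
            String next = request.getParameter("next");
            String target = isLocalPath(next) ? next : "/home";
            response.sendRedirect(request.getContextPath() + target);
            return;
        }

        if ("forward".equals(action)) {
            // Server side: same request object, URL in the browser unchanged.
            request.setAttribute("message", "set before forward");
            RequestDispatcher rd = request.getRequestDispatcher("/WEB-INF/view.jsp");
            rd.forward(request, response);
            return;
        }

        // include(): the other resource's output is embedded in this response.
        response.setContentType("text/html;charset=UTF-8");
        response.getWriter().println("<h1>Page</h1>");
        request.getRequestDispatcher("/footer").include(request, response);
    }
}
```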