Servlet Sessions and Cookies


Servlet Sessions and Cookies SE-2840 Dr. Mark L. Hornick

By default, Servlets have no memory of who makes a request

The HTTP protocol is stateless, meaning it does not keep track of ongoing request/response messages. Each HTTP request/response is independent of any other request/response.

Stateless Pro/Con

- Good for browsing and hyperlinking pages in any order without regard to past history
  - No HTTP overhead in maintaining state
- Bad for applications that require complex user interaction between web pages
  - The web application may want/need to know:
    - What page you’ve visited previous to the current page
    - What you’ve done on previous visits

A web server can ask a browser to set/read/send Cookies as part of the HTTP header

    Web Browser -> Web Server: HTTP request: “give me a page”
    Web Server -> Web Browser: HTTP response: “OK, and BTW, store this Cookie”

A Cookie is a small amount of information that can be used to implement state

As a web site developer, you can store information you gather from a user on the file system of the user’s PC as a Cookie:

- Previous date of web site access
- Login status
- . . .

[Figure: Cookie information held by the Web Browser]

A Cookie has various properties

- name – the cookie name
- value – the value of the cookie
- expires – the date the cookie expires
- path – path in domain in which cookie is visible
- domain – domain the cookie is visible to
- secure – cookie is only available over secure connections
- httponly – cookie is only available via HTTP (it is sent in HTTP requests but is not readable by client-side script)

On subsequent visits, the web server can retrieve the Cookies via the HTTP header

    Web Browser -> Web Server: HTTP request: “give me that page again; BTW, here’s the cookie you asked me to store last time”
    Web Server -> Web Browser: HTTP response: “OK, I’ll use that Cookie I gave you last time so I can customize the response”

Session Protocol

- User's browser is given a session ID by the server
  - Tomcat does this automatically
  - Cookie expiration is usually fairly short; some are very long
- ID is included in subsequent HTTP exchanges with the server
  - “subsequent” can be even weeks later (usually not)
- Server uses received session ID to locate/retrieve corresponding session data/variables
  - Session variables kept on server for efficiency and security
  - Persist somewhere on the server filesystem or server db

Application Session lifetime can be adjusted

    <?xml version="1.0" encoding="UTF-8"?>
    ...
    <servlet>
        <servlet-name>HelloWorld</servlet-name>
        <servlet-class>test.HelloWorldServlet</servlet-class>
    </servlet>
    ... Some other servlet’s defn goes here
    <!-- Session life in minutes; 0 means end w/ browser session -->
    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>
    </web-app>

Tomcat handles session management for Servlets

A reference to an HttpServletRequest is created by the Container and passed to the doGet() and doPost() methods of an HttpServlet. Session references are retrieved from the Request object.

Note: You can look at Cookie objects via request.getCookies(), and set your own Cookie objects via response.addCookie()
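The cookie properties and the session/cookie calls described above, put together in one servlet. This is an added example, not code from the original slides; it assumes the javax.servlet (Servlet 3.0) API shipped with Tomcat 7, and the class name, URL pattern, cookie name and attribute name are hypothetical.

```java
import java.io.IOException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

// Added example: class name, URL pattern, cookie and attribute names are hypothetical.
@WebServlet("/visits")
public class VisitServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Session state stays on the server; the browser only holds the session ID.
        HttpSession session = request.getSession();   // created on the first request
        Integer visits = (Integer) session.getAttribute("visits");
        visits = (visits == null) ? 1 : visits + 1;
        session.setAttribute("visits", visits);

        // Cookie state comes back from the client: treat it as untrusted input.
        long lastVisit = -1;
        Cookie[] cookies = request.getCookies();      // null when none were sent
        if (cookies != null) {
            for (Cookie c : cookies) {
                if ("lastVisit".equals(c.getName())) {
                    try { lastVisit = Long.parseLong(c.getValue()); }
                    catch (NumberFormatException ignored) { lastVisit = -1; }
                }
            }
        }

        // Ask the browser to store a cookie, setting the properties listed earlier.
        Cookie cookie = new Cookie("lastVisit", Long.toString(System.currentTimeMillis()));
        String path = request.getContextPath();
        cookie.setPath(path.isEmpty() ? "/" : path);  // path: this web app only
        cookie.setMaxAge(30 * 24 * 60 * 60);          // expires: 30 days, in seconds
        cookie.setSecure(true);                       // secure: HTTPS only
        cookie.setHttpOnly(true);                     // httponly: hidden from scripts
        response.addCookie(cookie);

        response.setContentType("text/plain");
        response.getWriter().println("Visits this session: " + visits
                + ", previous visit (epoch ms): "
                + (lastVisit < 0 ? "none" : Long.toString(lastVisit)));
    }
}
```

Because of setSecure(true), the browser returns the lastVisit cookie only over HTTPS.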

We usually initialize a ServletConfig attribute before any Servlets are initialized

- Solution: Use a class that implements the ServletContextListener interface
  - This is one of 8 different Listeners

[Figure callout: The event class]

The contextInitialized() event handler is called by Tomcat at startup

In the contextInitialized() method, we can create a ServletContext attribute that is a complex datatype:

    public void contextInitialized(ServletContextEvent e) {
        ServletContext context = e.getServletContext();
        context.setAttribute("foo", new MyComplexType());
    }
    // later, any Servlet will be able to access MyComplexType via a call to
    // getServletContext().getAttribute("foo");

We need to register ServletContextListeners

In Tomcat 7, just use the @WebListener annotation!

In Tomcat 6, you must edit the DD (web.xml):

    <?xml version="1.0" encoding="UTF-8"?>
    ...
    <servlet>
        <servlet-name>MyServlet</servlet-name>
        <servlet-class>test.HelloWorldServlet</servlet-class>
    </servlet>
    ... Some other servlet’s defn goes here
    <!-- Here’s how a ServletContextListener is registered -->
    <listener>
        <listener-class>myPackage.MyContextListener</listener-class>
    </listener>
    </web-app>

This is what we really want

Each user gets a separate session object which can be used to manage separate data stores.

[Diagram: User 1 hits Submit on a form page; User 2 hits Submit on the same form page at about the same time. Each request runs service(request, response) in its own thread (Thread 19, Thread 20), and each thread works with its own user's session (User1 session, User2 session) and data store.]
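The listener registration and the per-user session picture above, combined in an added example that is not code from the original slides. It assumes the javax.servlet (Servlet 3.0) API of Tomcat 7; the attribute names, the FormServlet class, its URL pattern and the "item" form field are hypothetical. One listener class creates a single application-wide object at startup and a separate data store for each new session.

```java
// ---- MyContextListener.java (added example; attribute names are hypothetical) ----
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.atomic.AtomicLong;
import javax.servlet.*;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.*;

@WebListener
public class MyContextListener implements ServletContextListener, HttpSessionListener {
    public void contextInitialized(ServletContextEvent e) {
        // One object for the whole web app: every user and thread shares it.
        e.getServletContext().setAttribute("totalSubmits", new AtomicLong());
    }
    public void sessionCreated(HttpSessionEvent e) {
        // One data store per user, created together with that user's session.
        e.getSession().setAttribute("store", new CopyOnWriteArrayList<String>());
    }
    public void contextDestroyed(ServletContextEvent e) { }
    public void sessionDestroyed(HttpSessionEvent e) { }
}

// ---- FormServlet.java ----
import java.io.IOException;
import java.util.List;
import java.util.concurrent.atomic.AtomicLong;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

@WebServlet("/submit")
public class FormServlet extends HttpServlet {
    @Override
    @SuppressWarnings("unchecked")
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        AtomicLong total = (AtomicLong) getServletContext().getAttribute("totalSubmits");
        List<String> store = (List<String>) request.getSession().getAttribute("store");

        String item = request.getParameter("item");   // hypothetical form field
        if (item != null && item.length() <= 100) {
            store.add(item);          // visible only to requests carrying this session ID
            total.incrementAndGet();  // visible to all users
        }
        response.setContentType("text/plain");
        response.getWriter().println("Your items: " + store.size()
                + ", all users: " + total.get());
    }
}
```

Anything placed in the ServletContext is reachable from every user's request thread, so it must be thread-safe and must not hold per-user data; per-user data belongs in the session.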