Session Tracking in Servlets Session simply means a particular interval of time. Session Tracking is a way to maintain state (data) of an user. It is also known as session management in servlet. Http protocol is a stateless so we need to maintain state using session tracking techniques. Each time user requests to the server, server treats the request as the new request. So we need to maintain the state of an user to recognize to particular user. HTTP is stateless that means each request is considered as the new request. Session Tracking Techniques There are four techniques used in Session tracking: Cookies Hidden Form Field URL Rewriting HttpSession

whenever a user starts using our application, we can save a unique identification information about him, in an object which is available throughout the application, until its destroyed. So wherever the user goes, we will always have his information and we can always manage which user is doing what. Whenever a user wants to exit from your application, destroy the object with his information.

<servlet-name>Validate</servlet-name> <web-app..> <servlet> <servlet-name>Validate</servlet-name> <servlet-class>Validate</servlet-class> </servlet> <servlet-name>Welcome</servlet-name> <servlet-class>Welcome</servlet-class> <servlet-mapping> <url-pattern>/Validate</url-pattern> </servlet-mapping> <url-pattern>/Welcome</url-pattern> <welcome-file-list> <welcome-file>index.html</welcome-file> </welcome-file-list> </web-app> <form method="post" action="Validate"> User: <input type="text" name="user" /><br/> Password: <input type="text" name="pass" ><br/> <input type="submit" value="submit"> </form>

import java.io.*; import javax.servlet.*; import javax.servlet.http.*; public class Validate extends HttpServlet { protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html;charset=UTF-8"); String name = request.getParameter("user"); String pass = request.getParameter("pass"); if(pass.equals("1234")) { //creating a session HttpSession session = request.getSession(); session.setAttribute("user", name); response.sendRedirect("Welcome"); }

import java.io.*; import javax.servlet.*; import javax.servlet.http.*; public class Welcome extends HttpServlet { protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html;charset=UTF-8"); PrintWriter out = response.getWriter(); HttpSession session = request.getSession(); String user = (String)session.getAttribute("user"); out.println("Hello "+user); }

Cookies small piece of information that is persisted between the multiple client requests  name, a single value, and optional attributes such as a comment, path and domain qualifiers, a maximum age, and a version number. A web server can assign a unique session ID as a cookie to each web client and for subsequent requests from the client they can be recognized using the received cookie. used for storing client state

Types of Cookie There are 2 types of cookies in servlets. Non-persistent cookie Persistent cookie It is valid for single session only. It is removed each time when user closes the browser. It is valid for multiple session . It is not removed each time when user closes the browser. It is removed only if user logout or signout. Advantage of Cookies Simplest technique of maintaining the state. Cookies are maintained at client side. Disadvantage of Cookies It will not work if cookie is disabled from the browser. Only textual information can be set in Cookie object.

create Cookie Cookie ck=new Cookie("user","sony");//creating cookie object   response.addCookie(ck);//adding cookie in the response   delete Cookie Cookie ck=new Cookie("user","");//deleting value of cookie   ck.setMaxAge(0);//changing the maximum age to 0 seconds   response.addCookie(ck);//adding cookie in the response  

import java.io.*; import javax.servlet.*; import javax.servlet.http.*; public class FirstServlet extends HttpServlet { public void doPost(HttpServletRequest request, HttpServletResponse response){ try{ response.setContentType("text/html"); PrintWriter out = response.getWriter(); String n=request.getParameter("userName"); out.print("Welcome "+n); Cookie ck=new Cookie("uname",n);//creating cookie object response.addCookie(ck);//adding cookie in the response //creating submit button out.print("<form action='servlet2'>"); out.print("<input type='submit' value='go'>"); out.print("</form>"); out.close(); }catch(Exception e){System.out.println(e);} } }

import java.io.*; import javax.servlet.*; import javax.servlet.http.*; public class SecondServlet extends HttpServlet { public void doPost(HttpServletRequest request, HttpServletResponse response){ try{ response.setContentType("text/html"); PrintWriter out = response.getWriter(); Cookie ck[]=request.getCookies(); out.print("Hello "+ck[0].getValue()); out.close(); }catch(Exception e){System.out.println(e);} }

<web-app> <servlet> <servlet-name>s1</servlet-name> <servlet-class>FirstServlet</servlet-class> </servlet> <servlet-mapping> <url-pattern>/servlet1</url-pattern> </servlet-mapping> <servlet-name>s2</servlet-name> <servlet-class>SecondServlet</servlet-class> <url-pattern>/servlet2</url-pattern> </web-app>

Hidden Form Fields: URL Rewriting a hidden (invisible) textfield is used for maintaining the state of an user <input type="hidden" name="sessionid" value="12345"> we store the information in the hidden field and get it from another servlet when the form is submitted, the specified name and value are automatically included in the GET or POST data. Each time when web browser sends request back, then session_id value can be used to keep the track of different web browsers. URL Rewriting append some extra data on the end of each URL that identifies the session, and the server can associate that session identifier with data it has stored about that session. http://point.com/file.htm;sessionid=12345