Handling State in Java Servlets

Slides:



Advertisements
Similar presentations
7 Copyright © 2005, Oracle. All rights reserved. Maintaining State in J2EE Applications.
Advertisements

Cutting Edge Research in Engineering of Web Applications Part 2 What is Different about Engineering Web Apps? Jeff Offutt Professor of Software Engineering.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 22 World Wide Web and HTTP.
 Copyright Wipro Technologies JSP Ver 1.0 Page 1 Talent Transformation Java Server Pages.
All You Ever Wanted To Know About Servlets But Were Afraid to Ask.
Java Servlets. What Are Servlets? Basically, a java program that runs on the server Basically, a java program that runs on the server Creates dynamic.
Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.
Sys Prog & Scripting - HW Univ1 Systems Programming & Scripting Lecture 15: PHP Introduction.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
FALL 2005CSI 4118 – UNIVERSITY OF OTTAWA1 Part 4 Web technologies: HTTP, CGI, PHP,Java applets)
Comp2513 Forms and CGI Server Applications Daniel L. Silver, Ph.D.
IT533 Lectures Session Management in ASP.NET. Session Tracking 2 Personalization Personalization makes it possible for e-businesses to communicate effectively.
Advanced Web Forms with Databases Programming Right from the Start with Visual Basic.NET 1/e 13.
JSP Java Server Pages Softsmith Infotech.
JAVA SERVER PAGES. 2 SERVLETS The purpose of a servlet is to create a Web page in response to a client request Servlets are written in Java, with a little.
Session tracking There are a number of problems that arise from the fact that HTTP is a "stateless" protocol. In particular, when you are doing on- line.
Web Application Development * These slides have been adapted and modified from CoreServlets course material (Marty Hall) and LUMS cs391 (Umair Javed).
Java Servlets & Java Server Pages Lecture July 2013.
Chapter 6 Server-side Programming: Java Servlets
Chapter 9 Session Tracking. Session Tracking Basics Accessing the session object associated with the current request: Call request.getSession to get an.
© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 Session Management.
® IBM Software Group © 2007 IBM Corporation Best Practices for Session Management
All You Ever Wanted To Know About Servlets But Were Afraid to Ask.
The Problem of State. We will look at… Sometimes web development is just plain weird! Internet / World Wide Web Aspects of their operation The role of.
SE-2840 Dr. Mark L. Hornick1 Servlet Threads and Sessions.
What is a Servlet? Java Program that runs in a Java web server and conforms to the servlet api. A program that uses class library that decodes and encodes.
© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 JSP Application Models.
CSI 3125, Preliminaries, page 1 SERVLET. CSI 3125, Preliminaries, page 2 SERVLET A servlet is a server-side software program, written in Java code, that.
1 State and Session Management HTTP is a stateless protocol – it has no memory of prior connections and cannot distinguish one request from another. The.
©SoftMooreSlide 1 Session Tracking with Servlets.
CSC 2720 Building Web Applications Managing Users' States – Cookies, URL-Rewriting, Hidden Fields and Session Management APIs.
Session Tracking Parts of this presentation was provided by SSE.
Java Programming: Advanced Topics 1 Building Web Applications Chapter 13.
8-Mar-16 More About Servlets Session Tracking. Persistent information A server site typically needs to maintain two kinds of persistent (remembered) information:
© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 Java Database Connectivity.
Distributed Web Systems Cookies and Session Tracking Lecturer Department University.
Upsorn Praphamontripong CS Design and Implementation of Software for the Web Fall 2016 State Handling on the Web.
Introduction to Unique Aspects of Web Applications
WWW and HTTP King Fahd University of Petroleum & Minerals
Java Servlets By: Tejashri Udavant..
Sessions Many interactive Web sites spread user data entry out over several pages: Ex: add items to cart, enter shipping information, enter billing information.
Java Servlets.
Scope and State Handling in JSPs
Pre assessment Questions
Web Software Model CS 4640 Programming Languages for Web Applications
Session Tracking in Servlets
Pre-assessment Questions
Introduction to J2EE Architecture
Servlet API and Lifecycle
Introduction to Web Applications
Sessions.
Design and Maintenance of Web Applications in J2EE
Chapter 26 Servlets.
CS320 Web and Internet Programming Cookies and Session Tracking
Introduction to Servlets
Handling State in Web Applications
Objectives In this lesson you will learn about: Need for servlets
Cookies Cookies are small bits of textual information that a Web server sends to a browser and that the browser returns unchanged when later visiting the.
Session Tracking Techniques
Sessions Many interactive Web sites spread user data entry out over several pages: Ex: add items to cart, enter shipping information, enter billing information.
Scope and State Handling in Java Server Pages
Knowledge Byte In this section, you will learn about:
Back end Development CS Programming Languages for Web Applications
State Handling CS 4640 Programming Languages for Web Applications
Pre-assessment Questions
[Based in part on SWE 432 and SWE 632 materials by Jeff Offutt, GMU]
Servlet Session Tracking: Session API
Back end Development CS Programming Languages for Web Applications
State Handling CS 4640 Programming Languages for Web Applications
[Based in part on SWE 432 and SWE 632 materials by Jeff Offutt, GMU]
Presentation transcript:

Handling State in Java Servlets Jeff Offutt http://www.cs.gmu.edu/~offutt/ SWE 432 Design and Implementation of Software for the Web

Session State Information The initial versions of the web suffered from a lack of state: HTML Form Server Page State response Data If a web app needed multiple screens, there was no way for state to be accumulated or stored S1 S1+S2+S3 Form1 Form2 Form3 Server Form4 S1+S2 S1+S2+S3+S4 9 December 2018 © Offutt

Session Tracking Web applications need to maintain user state This is called session tracking 9 December 2018 © Offutt

Web apps are distributed HTTP is connectionless Session Tracking (2) Session: A series of related interactions between a client and a web server (similar to a use case) Session tracking keeps data between HTTP requests This problem is essential to maintaining state, which we understand quite well in the context of traditional procedural programming and object-oriented programming The Web brings in unique constraints Web apps are distributed HTTP is connectionless 9 December 2018 © Offutt

New Control Flow and State Handling Web apps use new language features to support session handling New control flow features New state management New variable scopes 9 December 2018 © Offutt

Traditional Control Flow Procedural languages Method / function calls Decisions – if, while, for, repeat-until, switch, … Static includes – other code pulled in before compiling OO languages Dynamic binding via polymorphism Client / Server Message passing 9 December 2018 © Offutt

Traditional Web Control Flow Mechanisms Web App Control Flow (1) Traditional Web Control Flow Mechanisms Same as traditional – Software on server and client Synchronous message passing – Client to server, HTTP Also server to other servers Event handling – On the client Dynamic include – Control passes to another component, then returns, no parameters 9 December 2018 © Offutt

New Control Flow Mechanisms Web App Control Flow (2) New Control Flow Mechanisms Forward – Transfers control from one server component to another, no return Redirect – Ask client to send request elsewhere Asynchronous message passing – Client to server, Ajax Operational transitions – Controlled by users and browsers (back button, forward, URL rewriting, history, caching) Dynamic binding – Reflection allows new components to be added and used dynamically 9 December 2018 © Offutt

Ramifications of New Control Flow The traditional control flow graph does not model essential parts of web app execution ! UML diagrams do not model many of these Most developers learn the syntax, but not the concepts behind these new control connections Lots of poorly designed software … and lots and lots of poorly understood software faults ! 9 December 2018 © Offutt

New Control Flow and State Handling To support session handling (and other issues) J2EE introduced new language mechanisms . New control flow features New state management New variable scopes 9 December 2018 © Offutt

Handling State in Procedural Languages The C programming language has simple ways to handle state Global variable char name [25]; main () { int x, y, z; . : Local variables OO languages added several layers of scope 9 December 2018 © Offutt

State in Object-Oriented Languages In addition to local and global variables, OO languages have other scopes Nonlocals : package, protected, default, … Data sharing in OO languages Two components can share data if they are in the same scope Two components can share data by passing parameters OO languages also are based on the concept of objects, which are instances of classes Classes define types, which are global Objects can be defined at multiple scopes 9 December 2018 © Offutt

Handling State in Java Package Class 1 public members protected members Class 3 Default (package) private members inheritance Class 2 Class 5 Class 4 9 December 2018 © Offutt

State on the Web These schemes have two simple, subtle, assumptions : 1. The software components share physical memory 2. The program runs to completion with active memory But these assumptions are violated in web applications ! Distributed software components Connectionless nature of HTTP To keep state in web applications, we need different ways to store and access variables and objects Public access and parameter passing are not enough for Web applications! 9 December 2018 © Offutt

State and Session Tracking Session tracking refers to passing data from one HTTP request to another Most web applications have several software components Web app components do not communicate directly Independent processes (threads) Connectionless protocol Client-server or N-tier architecture Execution flow always goes through a client How can these independent components share data? 9 December 2018 © Offutt

Session Tracking Methods Include data as extra parameters (URL rewriting) Hidden form fields Cookies Servlet API session tracking tools All four methods work by exchanging a token between the client and server Request with a Token Client C Server S Response with a Token 9 December 2018 © Offutt

Non-servlet Methods (1) URL Rewriting Forms usually add parameters URL ? P1=v1 & P2=v2 & P3=v3 & … You can add values in the URL as a parameter: HREF = "../servlet/X ? SneakyParam=42"> or: User=george"> This is used as a key to find the saved information about the user george. Messy and clumsy Long URLs Information on URL is public All HTML pages must be created dynamically 9 December 2018 © Offutt

Non-servlet Methods (2) Hidden Form Fields Flows of control go through the client Data that must be passed from one software component to another can be stored in hidden form fields in the HTML Generate HTML pages with forms that store “hidden” information : <INPUT type=“hidden” name=“User” value=“george”> Several problems : Insecure – users can see the data Unreliable – users can change the data Undependable – users can use the back button, direct URL entry, and URL rewriting to skip some hidden form fields Still useful in limited situations 9 December 2018 © Offutt

Non-servlet Methods (3) Cookies Cookies are small files or text strings Created by the web browser Arbitrary strings stored on the client From the server’s (Java) perspective: var=value pairs Java coding: Cookie c = new Cookie (“user”, “george”); c.setMaxAge (5*24*60*60); // expires in 5 days, in seconds response.addCookie (c); // sends cookie to client 9 December 2018 © Offutt

Non-servlet Methods (3) Cookies – cont. Cookies are very useful and simple Not visible as part of the HTML content Convenient way to solve a real problem But cookies are scary! It’s as if I stored my files at your house Cookies go way beyond session tracking Cookies allow behavior tracking 9 December 2018 © Offutt

(4) Servlet Sessions The servlet API uses cookies to provide a simple, safe, flexible method for session tracking Cookies are handled automatically HttpSession stores data in the current active object Data disappears when the object is destroyed Object is destroyed after the session ends, usually 30 minutes after the last request 9 December 2018 © Offutt

Sessions—Big Picture Web Server Client 1 Client 2 Time Time HTTP Request HTTP Request HTTP Response Session ID = 0347 HTTP Response Session ID = 4403 Server returns a new unique session ID when the request has none HTTP Request HTTP Request Session ID = 0347 Session ID = 4403 HTTP Response HTTP Response HTTP Request Session ID = 0347 HTTP Request Session ID = 4403 HTTP Response HTTP Response 9 December 2018 © Offutt

Sessions—Big Picture Web Server Client 1 Client 2 Time Time HTTP Request HTTP Request HTTP Response Session ID = 0347 HTTP Response Session ID = 4403 HTTP Request HTTP Request Session ID = 0347 Session ID = 4403 HTTP Response Client stores the ID and sends it to the server in subsequent requests HTTP Response HTTP Request Session ID = 0347 HTTP Request Session ID = 4403 Server recognizes all the requests as being from the same client. This defines a session. Server recognizes these requests as being from a different client. HTTP Response HTTP Response 9 December 2018 © Offutt

Servlet API for Session Methods void setAttribute (String name, Object attribute) : Adds an item (name) with its value (attribute) to the session Object getAttribute (String name) : Returns the value stored for the given name void removeAttribute (String name) : Removes an item from the session Enumeration getAttributeNames() : Returns an enumeration of all the value names that are stored for this session String getID() : Returns the session ID void invalidate() : Removes the current session 9 December 2018 © Offutt

Servlet API Session Methods (2) These methods are not synchronized Multiple servlets can access the same session object at the same time If this can happen, your program should synchronize the code that modifies the shared session attributes 9 December 2018 © Offutt

Using Session Objects Get a session object: HttpSession s = request.getSession (true); true: create if it does not exist false: return null if it does not exist Put objects into the session object (not primitive types): s.setAttribute (“answer”, 42); // does not work s. setAttribute (“answer”, new Integer (42)); Getting primitive values from session objects: Integer ansobj = (Integer) s.getAttribute (“answer”); int ans = ansobj.intValue (); Deleting session: s.invalidate (); // Information is thrown away 9 December 2018 © Offutt

Session Definition A session is defined by The web server The client Servlet container Servlet context The client IP address Browser Session objects are kept on the server Each session object uses different parts of memory (instances of data values) on the server 9 December 2018 © Offutt

Example Consider a small Web app with 2 servlets and 3 JSPs Client JSP 1 JSP 2 JSP 3 How can the servlets and JSPs share data? 9 December 2018 © Offutt

Sharing Data : Session Object One program component can store a value in the session object Another component can retrieve, use, and modify the value Depends on the servlet container: Software components are threads, not processes Servlet container stays resident and can keep shared memory 9 December 2018 © Offutt

Software components share “container” access data Session Data Example Software components share “container” access data session object Servlet Container Servlet S1 Servlet S2 Client JSP 1 JSP 2 JSP 3 9 December 2018 © Offutt

4. Set isLoggedIn true and set userID Login Example 1. User request Form Entry 3. if isLoggedIn false 2. Check isLoggedIn isLoggedIn: T/F userID: string 4. Set isLoggedIn true and set userID Login 7. if isLoggedIn false 6. Check isLoggedIn View Data 5. User request 9 December 2018 © Offutt

More on Maintaining State Sometimes we want to share session data among multiple clients User session state Cookies and session object Multi-user session state Servlet-context object Why do we need them? Chat rooms: Allow multiple users to interact Group working: Online meeting Online bidding Reservation systems 9 December 2018 © Offutt

Context (application) Context Scope Container Engine session object 1 session object 2 Servlet S2 Servlet S1 JSP 3 JSP 1 context object JSP 2 Session 1 Session 2 Context (application) 9 December 2018 © Offutt

Servlet Context Object The servlet context object supports resources that can be shared by groups of users : Get a servlet context object ServletContext servContext = getServletContext() Share information through context attributes servContext.getAttribute() servContext.setAttribute() servContext.removeAttribute() Information about servlet’s environment : Server name MIME type Method to write to a log file ( log() ) 9 December 2018 © Offutt

Summary Managing state is fundamental to any program Managing state is the most unique aspect of designing and programming web applications Software vendors are creating new frameworks all the time Most of them introduce additional state handling techniques Many professional developers make fundamental mistakes with managing state Books and tutorials describe syntax, but not concepts State management is the most common source of software faults in web applications 9 December 2018 © Offutt

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.