© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 Session Management.


Review
• Page-centric designs in JSP are called Model 1 architecture
• Model 1 architecture is used for simple applications and generates dynamic content
• Model 2 architecture is suitable for large and complex applications as it uses a combination of servlets and JSP
• Model 2 applications are based on the Model-View-Controller (MVC) pattern
• The MVC pattern contains a Model, View, and Controller
• The RequestDispatcher interface forwards the request from a JSP page or a servlet to other resources, such as an HTML file, a servlet, or a JSP page
• The two methods in the RequestDispatcher interface are include() and forward()
• Errors in a JSP page include translation-time and request-time errors

Objectives
• Define session
• Explain and implement session tracking mechanism
• Describe session lifecycle
• Extend Java Server Pages

Introducing Session
• A long-term connection using the session layer of a network protocol
• The Web server identifies requests and responses across a network connection as a single working session
• Session acts as a link between the Web server and the client events
• Web server uses the session to post client events to the server objects

Introducing Session - Contd…
• JSP uses the sessions to store unique data of a particular client connected to a Web application

[Figure: Sessions for two Web browsers (Clients)]

Methods in Session

Method | Description
getAttribute() | Returns the object with the specified name defined in the session. The getAttribute() method returns null if the object is not found
getAttributeNames() | Returns list of objects defined in the session
getCreationTime() | Returns the creation time of the session in milliseconds since midnight January 1, 1970 GMT
getId() | Returns the unique identifier which is the session Id, as a string
getLastAccessedTime() | Returns the time of last client request with the session. The time is returned as number of milliseconds since midnight January 1, 1970 GMT

Methods in Session - Contd…

Method | Description
getMaxInactiveInterval() | Returns the maximum time interval of the session. The servlet container keeps the session open till the user accesses the Web site
removeAttribute() | Removes the object associated with the specified string from the session
setAttribute() | Associates an object with the specified key string and stores it to the session
setMaxInactiveInterval() | Specifies the time interval in seconds between the client requests before the servlet container will invalidate this session

Overview of Session Tracking Mechanisms
• Maintains a session for as long as the user is browsing the Web site
• Used in interactive Web applications to store the information of the user logged in to the Web site
• The information stored is used to identify the user sending a request to the Web server
• Session tracking helps to maintain the session information and keeps track of the multiple requests made by the client

Implementing Session Tracking – Mechanisms
• Server-side technologies maintain the information on the Web server
• The server creates a session Id for the user logged in to the Web site and sends the session Id to the user computer
• The session tracking feature contained in the servlets or JSP container maintains the state of a Web browser

Session Tracking - Contd…
• Information is sent to the browser in three ways, which include:
    • Cookies
    • URL Rewriting
    • Hidden form field method

Cookies
• Cookies are text files stored on the user’s computer containing the session Id of the user sent by the Web server
• The cookie is sent back to the Web server with every subsequent request made by the user in the same session
• The cookie includes a name, a single value and optional attributes
• Cookies are used for maintaining sessions and do not have an expiration time

Cookies – Contd…
• Cookies help to maintain a single session for a user browsing the Web site

Cookies – Contd…
• Advantages of Cookies are:
    • Remember user IDs and passwords.
    • Track visitors on a Web site for better service and new features.
    • Cookies enable efficient ad processing.
• Disadvantages of Cookies are:
    • The size and number of cookies stored are limited.
    • Personal information is exposed to the other users.
    • Cookies fail to work if the security level is set too high in the Internet browser.

URL Rewriting
• JSP hides the details of cookie-based session tracking and supports the URL rewriting mechanism
• URL Rewriting works with Web browsers that do not support cookies or on which cookies are disabled
• Each URL that references the Web browser is returned to the user and contains additional information

URL Rewriting – Contd…
• The session ID is encoded in the URLs that are created by the JSP pages

URL Rewriting – Contd…

[Figure: "Search results for books" page listing "CD MP3 Converter Kit For Your CAR", "Front Loading Car MP3/CD Player With Anti Shock Memory and FM" and "CAR/Home DVD/VCD/MP3 Player with anti shock for Indian Roads". Callouts: URL of server side program; provides check box for different products; submits the user input to URL]

URL Rewriting - Contd…

[Figure: "Search results for books" page listing "DVD Player with built in Amplifier" and "Ultra Slim DVD Player Multi Region 5.1 Digital". Callouts: URL for server side program after the user selects a product and goes to another page; provides check box for different products; submits input to the URL]

URL Rewriting – Contd…
• Disadvantages of URL rewriting are:
    • Server side processing is tedious.
    • Every URL that is returned to the user should have additional information appended to it.
    • If the user leaves the session and opens the Web page using a link or bookmark then the session information is lost.

Hidden Form Fields Method
• Information from the Web browser is returned to the Web server in the form of HTTP parameters
• Utilizes the hidden fields in an HTML page
• Hidden fields in the form are used to send the information to the Web browser
• Stores information about a session
• Helps to carry the information from one HTML page to another

Hidden Form Fields – Contd…
• When the user visits the next page, the server side program reads all the parameters that a user passes in the previous form

Hidden Form Fields Example

[Figure: "Search results for books" page listing "DVD Player with Built in Amplifier" and "Ultra Slim DVD Player Multi Region 5.1 Digital". Callouts: hidden input field; provides check box for user input; submits user input to the server side program]

Hidden Form Fields – Contd…
• The advantages of hidden form fields are:
    • Simplest way to implement session tracking
    • Displays nothing on the HTML page but can be used to hold any kind of data
    • Helps to maintain a connection between two pages
• The disadvantage of hidden form fields is that this method of session tracking displays sensitive information to the user.
    • The information includes the data passed around to maintain a session.

Session Life Cycle
• The server assigns a unique ID to the session created for a particular user request.
• This session ID is passed to the client as a cookie or a hidden variable.
• The session is considered new until the client returns the session ID to the server through a cookie or as a part of the requested URL.
• A session exists on the server until it becomes invalid or the server is stopped.
• The HttpSession objects are used to store the session data in the current servlet context.
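
The life cycle above, modelled in plain Java as an added example (not part of the original slides, and not how any particular container is implemented): the server issues an unguessable ID, treats the session as new until the client returns that ID, and discards the session on timeout. The class and field names, the 1800-second default and the sample userid are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Toy model of a container's session table (illustrative, not a real container). */
public class SessionLifecycleDemo {

    /** Holds the same state the HttpSession methods in the slides expose. */
    static final class Session {
        final String id;
        final long creationTime;
        long lastAccessedTime;
        int maxInactiveInterval = 1800;      // seconds; assumed default
        boolean isNew = true;                // true until the client sends the ID back
        final Map<String, Object> attributes = new HashMap<>();

        Session(String id, long now) {
            this.id = id;
            this.creationTime = now;
            this.lastAccessedTime = now;
        }

        boolean expired(long now) {
            return now - lastAccessedTime > maxInactiveInterval * 1000L;
        }
    }

    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();

    /** 128 random bits, hex-encoded, so IDs are unique and not guessable. */
    static String newId() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        StringBuilder sb = new StringBuilder();
        for (byte b : raw) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    /** Counterpart of request.getSession(true): resolve the presented ID or create a session. */
    Session getSession(String presentedId, long now) {
        Session s = (presentedId == null) ? null : sessions.get(presentedId);
        if (s != null && s.expired(now)) {   // inactive for too long: invalidate
            invalidate(s.id);
            s = null;
        }
        if (s == null) {                     // missing, unknown or expired ID:
            s = new Session(newId(), now);   // always issue a server-generated ID
            sessions.put(s.id, s);
            return s;
        }
        s.isNew = false;                     // the client returned the ID
        s.lastAccessedTime = now;
        return s;
    }

    void invalidate(String id) {
        sessions.remove(id);
    }

    public static void main(String[] args) {
        SessionLifecycleDemo container = new SessionLifecycleDemo();
        long t0 = System.currentTimeMillis();

        Session first = container.getSession(null, t0);               // request 1: no ID yet
        first.attributes.put("userid", "alice");                      // constructed sample value
        System.out.println("new=" + first.isNew + " id=" + first.id);

        Session second = container.getSession(first.id, t0 + 5_000);  // request 2: ID returned
        System.out.println("new=" + second.isNew + " userid=" + second.attributes.get("userid"));

        first.maxInactiveInterval = 60;
        Session third = container.getSession(first.id, t0 + 120_000); // after the timeout
        System.out.println("same session=" + (third == first)
                + " userid=" + third.attributes.get("userid"));
    }
}
```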

Using Session Object
• Session object can be used to store and read data.
• The session object acts almost like a bulletin board from where the objects can be written or read

Using Session Object - Contd…

    // …
    // Obtain a session object (one is created if none exists)
    HttpSession session = request.getSession(true);
    // Add an item to the session; setAttribute() replaces the deprecated putValue()
    Integer sessionData = Integer.valueOf(100);
    session.setAttribute("IntValue", sessionData);
    // …

• Obtains a session object
• Adds item to the session object

The getSession() method of the request object returns the session object.

Using Session Object - Contd…

    // …
    // Obtain a session object
    HttpSession session = request.getSession(true);
    // Read the session data and cast it to the appropriate object type;
    // getAttribute() replaces the deprecated getValue()
    Integer sessionInt = (Integer) session.getAttribute("session");
    // The attribute is null if nothing was stored under this key
    int count = (sessionInt != null) ? sessionInt.intValue() : 0;
    // …

• Obtains a session object
• Reads the session value
• Casts the session value to appropriate datatype

The session value can be read and cast to the appropriate object type.

Using Session Objects – Contd…

    <%
        // Read the userid attribute from the session
        String sessionval = (String) session.getAttribute("userid");
        if (sessionval == null) {
            // No userid is stored in the session yet
            session.setAttribute("userid", sessionval);
            out.println(session.getAttribute("userid"));
        } else {
            out.println("User Session already created");
        }
    %>
    click this link to ">remove session attribute
    click this link to "> invalidate the session

• Accepts userid
• If sessionval is null, the value of sessionval is set to userid.
• Removes the session
• Invalidates the session

The session can be invalidated using the invalidate() method of the HttpSession object.
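
An added servlet example, not from the original slides, that puts the HttpSession calls shown above together: it binds a userid to the session, sets the inactivity timeout, reads attributes null-safely and invalidates the session on request. It assumes a Servlet 3.1+ container with the javax.servlet API on the classpath; the /account mapping, the action and userid parameters and the 15-minute timeout are illustrative choices, and authentication of the user is assumed to happen elsewhere.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Date;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Illustrative servlet; the mapping and parameter names are assumptions.
@WebServlet("/account")
public class AccountServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;
    private static final int TIMEOUT_SECONDS = 15 * 60;

    /** POST action=start binds a userid to the session; action=end invalidates it. */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String action = request.getParameter("action");
        if ("start".equals(action)) {
            String userid = request.getParameter("userid");
            if (userid == null || userid.trim().isEmpty()) {
                response.sendError(HttpServletResponse.SC_BAD_REQUEST, "userid is required");
                return;
            }
            // Assumption: the user has already been authenticated elsewhere.
            HttpSession session = request.getSession(true);
            if (!session.isNew()) {
                // Give the now-identified session a fresh ID (Servlet 3.1+).
                request.changeSessionId();
            }
            session.setAttribute("userid", userid.trim());
            session.setMaxInactiveInterval(TIMEOUT_SECONDS);
        } else if ("end".equals(action)) {
            // getSession(false) never creates a session just to destroy it.
            HttpSession session = request.getSession(false);
            if (session != null) {
                session.invalidate();
            }
        } else {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "unknown action");
            return;
        }
        response.sendRedirect(request.getContextPath() + "/account");
    }

    /** GET reports the state of the current session without creating one. */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        response.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = response.getWriter();
        HttpSession session = request.getSession(false);
        Object userid = (session == null) ? null : session.getAttribute("userid");
        if (userid == null) {
            out.println("No user session");
            return;
        }
        out.println("User: " + userid);
        out.println("Session created: " + new Date(session.getCreationTime()));
        out.println("Last accessed: " + new Date(session.getLastAccessedTime()));
        out.println("Timeout (seconds): " + session.getMaxInactiveInterval());
    }
}
```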

Using Session Object – Contd…
• The binding of objects to a request object is similar to the storing of the object in a session
• An object bound to a request is available only for the life of that particular request
• An object can be bound using the setAttribute(String key, Object obj) method in the HttpRequest interface
• An object can be retrieved using the getAttribute(String key) method.

Extending Java Server Pages
• The superclass may offer several benefits, such as a set of utilities that may not be offered by the standard packages
• In order to extend a JSP from a superclass, both the superclass and the extended JSP must follow several requirements

Superclass
• A superclass must implement the HttpJspPage interface to use the HTTP protocol or it must implement the JSP interface.
• The superclass should include:
    • All methods from the Servlet interface, which must be declared as final.
    • The service() method that should invoke the _jspService() method.
    • The init() method that should invoke the jspInit() method.
    • The destroy() method that should invoke the jspDestroy() method

JSP Sub-class
• A JSP sub-class should provide jspInit() method and jspDestroy() method.

    <%!
        // Empty methods that satisfy the JSP sub-classing conditions
        public void jspInit() { }
        public void jspDestroy() { }
    %>
    <%
        out.println(" User Name: " + getUser(request) + " ");
        out.println(" Catalog: " + getCatalog(request));
    %>

• Empty methods that satisfy the JSP sub-classing conditions

Summary
• Session is a long-term connection that uses the session layer of a network layer protocol
• Session acts as a link between the server and the client events
• Web server uses the session to post client events to the server objects
• Server objects utilize the session for passing messages to the client and listening to client events
• The different methods of the session object include:
    • getAttribute()
    • getAttributeNames()
    • getCreationTime()
    • getId()
    • getLastAccessedTime()
    • getMaxInactiveInterval()
    • removeAttribute()
    • setAttribute()
    • setMaxInactiveInterval()

Summary – Contd…
• Session tracking maintains a session for as long as the user browses the Web site
• The session tracking feature contained in the servlets or JSP container maintains the state of a Web browser
• Cookies are text files stored on the user’s computer containing the session Id of the user, sent by the Web server
• A Cookie is sent back to the Web server with every subsequent request made by the user in the same session
• URL rewriting works with Web browsers that do not support cookies or on which cookies are disabled
• The information from the Web browser is returned to the server in the form of HTTP parameters
• Hidden form fields are used to store information about a session.
• Hidden form field helps to carry the information from one HTML page to another HTML page

Summary – Contd…
• The server assigns a unique ID to the session created for a particular user request.
• The HttpSession object is defined by the HttpSession interface, and is obtained using the getSession() method of the HttpServletRequest object.
• Session object can be used to store and read data and acts almost like a bulletin board from where the objects can be written or read.
• When the reading or writing operation is complete, the session can be invalidated using the invalidate() method of the HttpSession object.
• Binding of objects to a request object is similar to the storing of the object in a session.
• An object can be bound using the setAttribute(String key, Object obj) method in the HttpRequest interface, and can be retrieved using the getAttribute(String key) method.
• A superclass must implement the HttpJspPage interface to use the HTTP protocol or it must implement the JSP interface.
• A JSP sub-class should provide jspInit() method and jspDestroy() method.

Q & A