Presentation is loading. Please wait.

Presentation is loading. Please wait.

Upsorn Praphamontripong CS Design and Implementation of Software for the Web Fall 2016 State Handling on the Web.

Published byPhilip Maurice Carroll Modified over 8 years ago

Similar presentations

Presentation on theme: "Upsorn Praphamontripong CS Design and Implementation of Software for the Web Fall 2016 State Handling on the Web."— Presentation transcript:

1 Upsorn Praphamontripong CS 4501-006 Design and Implementation of Software for the Web Fall 2016 State Handling on the Web

2 Session State Information 2 CS 4501-006 Web server Web client Web component 1 Web component 2 Web component n HttpServlet Request HttpServlet Request HTTP GET Request HTTP Response HttpServlet Response HttpServlet Response http://localhost:8080/ cs4501/displayForm Web application 1 st interaction  1 st request

3 Session State Information (2) 3 CS 4501-006 Web server Web client Web component 1 Web component 2 Web component n HttpServlet Request HttpServlet Request HTTP POST Request HTTP Response HttpServlet Response HttpServlet Response Web application 2 nd interaction  2 nd request

4 Session State Information (3) The initial versions of the web suffered from a lack of state If a web app needed multiple screens, there was no way for state to be accumulated or stored This is due to the stateless property of HTTP 4 CS 4501-006 HTML Form Server HTML Page State data response S1 S1+S2+S3 Form1Form2Form3 Server Form4 Server S1+S2 S1+S2+S3+S4 S1 Server S1+S2 S1+S2+S3

5 Session Tracking Web sites that are service-oriented or e-commerce need to maintain user state This is called session tracking Session = a series of related interactions between a client and a web server Session tracking = keeping data between multiple HTTP requests The web brings in unique constraints: HTTP is connectionless Web apps are distributed 5 CS 4501-006

6 New Control Flow and State Handling To support session handling (and other issues), J2EE introduced new features New control flow features New state management New variable scopes 6 CS 4501-006

7 Traditional Control Flow Procedural languages Method / function calls Decisions – if, while, for, repeat-until, switch, … Static includes – other code pulled in before compiling OO languages Dynamic binding via polymorphism Client / Server Message passing 7 CS 4501-006

8 Web App Control Flow (1) Traditional Web Control Flow Mechanisms 1. Same as traditional – Software on server and client 2. Synchronous message passing – Client to server, HTTP Also server to other servers 3. Event handling – On the client 4. Dynamic include – Control passes to another component, then returns, no parameters 8 CS 4501-006

9 Web App Control Flow (2) New Control Flow Mechanisms 5. Forward – Transfers control from one server component to another, no return 6. Redirect – Ask client to send request elsewhere 7. Asynchronous message passing – Client to server, Ajax 8. Operational transitions – Controlled by users and browsers (back button, forward, URL rewriting, history, caching) 9. Dynamic binding – Reflection allows new components to be added and used dynamically 9 CS 4501-006

10 Ramifications of New control Flow The traditional control flow graph does not model essential parts of web app execution ! UML diagrams do not model many of these Most developers learn the syntax, but not the concepts behind these new control connections 10 CS 4501-006

11 New Control Flow and State Handling To support session handling (and other issues), J2EE introduced new features New control flow features New state management New variable scopes 11 CS 4501-006

12 Handling State in Procedural Languages The C programming language has simple ways to handle state We added several layers of scope in OO languages 12 CS 4501-006 char name[25]; main() { int x, y, z:... } Global variables Local variables

13 State in Object-Oriented Languages In addition to local and global variables, OO languages have other scopes Nonlocals : package, protected, default, … Data sharing in OO languages Two components can share data if they are in the same scope Two components can share data by passing parameters OO languages also are based on the concept of objects, which are instances of classes Classes define types, which are global Objects can be defined at multiple scopes 13 CS 4501-006

14 Handling State in Java 14 CS 4501-006 Class 4 Class 1 inheritance Class 3Class 2 Package Class 5 private membersDefault (package)protected memberspublic members

15 State on the Web Two assumptions (traditional software): 1. The software components share physical memory 2. The program runs to completion with active memory These assumptions are violated in web apps due to 1. Distributed software components 2. Connectionless nature of HTTP Need ways to store and access variables and objects to keep state in web apps 15 CS 4501-006 Public access and parameter passing are not enough for web apps

16 State and Session Tracking Session tracking Passing data from one HTTP request to another A web app Composed of several web software components Web components do not communicate directly Independent processes (threads) Connectionless protocol Client-server or N-tier architecture Execution flow always goes through a client 16 CS 4501-006 How can these independent components share data ?

17 Session Tracking Methods URL rewriting -- include data as extra parameters Hidden form fields Cookies Servlet API session tracking tools 17 CS 4501-006 Server Client UI implemented in a browser Web server Container engine Program components HTTP Request (with a token / data) HTTP Response (with a token / HTML)

18 Non-servlet Methods: (1) URL Rewriting Forms usually add parameters You can add value in the URL as parameters The above example is used as a key to find the saved information about the user george Drawback Messy and clumsy Long URLs Information on URL is public All HTML pages must be created dynamically 18 CS 4501-006 href="../servletname?User=george"> URL?P1=v1&P2=v2&P3=v3&...

19 Non-servlet Methods: (2) Hidden Form Fields Flows of control go through the client Store data to be passed from one software component to another in hidden form fields in the HTML Generate HTML pages with forms that store “hidden” information Several problems: Insecure – users can see the data Unreliable – users can change the data Undependable – users can use the back button, direct URL entry, and URL rewriting to skip some hidden form fields Still useful in limited situations 19 CS 4501-006

20 Non-servlet Methods: (3) Cookies Cookies Small files or text strings Created by the web browser Arbitrary strings stored on the client From the server’s (Java) perspective: val_name=value pairs Java coding: 20 CS 4501-006 Cookie c = new Cookie(“user”, “george”); c.setMaxAge(5*24*60*60); // expires in 5 days, in seconds response.addCookie(c); // sends cookie to client

21 Non-servlet Methods: (3) Cookies – cont. Cookies Useful and simple Not visible as part of the HTML content Convenient way to solve a real problem Cookies are scary! It’s as if I stored my files at your house Cookies go way beyond session tracking Cookies allow behavior tracking 21 CS 4501-006

22 Servlet Methods: (4) Sessions HttpSession stores data in the current active object Data disappears when the object is destroyed Object is destroyed after the session ends, usually 30 minutes after the last request 22 CS 4501-006

23 Sessions (Overview) 23 CS 4501-006 Client 1 Time HTTP Request HTTP Response Session ID = 0347 HTTP Request HTTP Response HTTP Request HTTP Response Session ID = 0347 Time Client 2 HTTP Request HTTP Response Session ID = 4403 HTTP Request HTTP Response HTTP Request HTTP Response Session ID = 4403 Session ID = 0347 Session ID = 4403 Server returns a new unique session ID when the request has none Web server

24 Session ID = 0347 Sessions (Overview) 24 CS 4501-006 Client 1 Time HTTP Request HTTP Response Session ID = 0347 HTTP Request HTTP Response HTTP Request HTTP Response Session ID = 0347 Time Client 2 HTTP Request HTTP Response Session ID = 4403 HTTP Request HTTP Response HTTP Request HTTP Response Session ID = 4403 Web server Client stores the ID and sends it to the server in subsequent Server recognizes all the requests as being from the same client. This defines a session. Server recognizes all the requests as being from a different client.

25 Servlet API for Session Methods 25 CS 4501-006 void setAttribute(String name, Object attribute) Adds an item (name) with its value (attribute) to the session Object getAttribute(String name)Returns the value stored for the given name void removeAttribute(String name)Removes an item from the session Enumeration getAttributeNames()Returns an enumeration of all the value names that are stored for this session String getID()Returns the session ID void invalidate()Removes the current session

26 Servlet API for Session Methods (2) These methods are not synchronized Multiple servlets can access the same session object at the same time If this can happen, your program should synchronize the code that modifies the shared session attributes 26 CS 4501-006

27 Using Session objects Initialize a session object: Put objects into the session object (not primitive types): Get primitive values from session objects: Delete session: 27 CS 4501-006 HttpSession s = request.getSession(true); - true // create if it does not exist - False // return null if it does not exist s.setAttribute(“answer”, 42); // does not work s.setAttribute(“answer”, new Integer(42)); Integer ansobj = (Integer)s.getAttribute(“answer”); int ans = ansobj.intValue(); s.invalidate(); // Information is thrown away

28 Session Definition A session is defined by 1. The web server Servlet container Servlet context 2. The client IP address Browser Session objects are kept on the server Each session object uses different parts of memory (instances of data values) on the server 28 CS 4501-006

29 Example Consider a small web app with 2 servlets and 3 JSPs 29 CS 4501-006 How can the servlets and JSPs share data ? Client Servlet S1 JSP 3 JSP 2 JSP 1 Servlet S2 DB

30 Sharing Data: Session Object One program component can store a value in the session object Another component can retrieve, use, and modify the value Depends on the servlet container Software components are threads, not processes Servlet container stays resident and can keep shared memory 30 CS 4501-006

31 Session Data Example Software components share “container” access data 31 CS 4501-006 session object Servlet container Client Servlet S1 JSP 3 JSP 2 JSP 1 Servlet S2 DB

32 Login Example 32 CS 4501-006 Login Form Entry View Data isLoggedIn: T/F userID: string 2. Check isLoggedIn 4. Set isLoggedIn true and set userID 6. Check isLoggedIn 7. if isLoggedIn false 3. if isLoggedIn false 1. User request 5. User request

33 More on Maintaining State User session state Cookies and session object Multi-user session state Servlet-context object Why do we need them? Social network system – allow multiple users to interact Group working – online meeting Online bidding Reservation system, invitation system 33 CS 4501-006 Sometimes we want to share session data among multiple clients

34 Context Scope 34 CS 4501-006 session object 1 Container Engine Servlet S1 JSP 3JSP 2JSP 1 Servlet S2 context object Session 1 Context (application) session object 2 Session 2

35 Servlet Context Object The servlet context object supports resources that can be shared by groups of users: Get a servlet context object ServletContext servContext = getServletContext() Share information through context attributes servContext.getAttribute() servContext.setAttribute() servContext.removeAttribute() Information about servlet’s environments: Server name MIME type Method to write to a log file ( log() ) 35 CS 4501-006

36 Summary Managing state is fundamental to any program Managing state is the most unique aspect of designing and programming web applications Software vendors are creating new frameworks all the time Most of them introduce additional state handling techniques Many professional developers make fundamental mistakes with managing state Books and tutorials describe syntax, but not concepts CS 4501-006 36 State management is the most common source of software faults in web apps

Download ppt "Upsorn Praphamontripong CS Design and Implementation of Software for the Web Fall 2016 State Handling on the Web."

Similar presentations

Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 10 Servlets and Java Server Pages.

Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 10 Servlets and Java Server Pages.
7 Copyright © 2005, Oracle. All rights reserved. Maintaining State in J2EE Applications.

7 Copyright © 2005, Oracle. All rights reserved. Maintaining State in J2EE Applications.
Cutting Edge Research in Engineering of Web Applications Part 2 What is Different about Engineering Web Apps? Jeff Offutt Professor of Software Engineering.

Cutting Edge Research in Engineering of Web Applications Part 2 What is Different about Engineering Web Apps? Jeff Offutt Professor of Software Engineering.
 Copyright Wipro Technologies JSP Ver 1.0 Page 1 Talent Transformation Java Server Pages.

 Copyright Wipro Technologies JSP Ver 1.0 Page 1 Talent Transformation Java Server Pages.
Servlets and a little bit of Web Services Russell Beale.

Servlets and a little bit of Web Services Russell Beale.
Liang, Introduction to Java Programming, Sixth Edition, (c) 2005 Pearson Education, Inc. All rights reserved. 0-13-148952-6 1 Chapter 34 Servlets.

Liang, Introduction to Java Programming, Sixth Edition, (c) 2005 Pearson Education, Inc. All rights reserved Chapter 34 Servlets.
XP Tutorial 9 New Perspectives on JavaScript, Comprehensive1 Working with Cookies Managing Data in a Web Site Using JavaScript Cookies.

XP Tutorial 9 New Perspectives on JavaScript, Comprehensive1 Working with Cookies Managing Data in a Web Site Using JavaScript Cookies.
Servlets Compiled by Dr. Billy B. L. Lim. Servlets Servlets are Java programs which are invoked to service client requests on a Web server. Servlets extend.

Servlets Compiled by Dr. Billy B. L. Lim. Servlets Servlets are Java programs which are invoked to service client requests on a Web server. Servlets extend.
Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.

Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.
Java Server Pages B.Ramamurthy. Topics for Discussion 8/20/20152 Inheritance and Polymorphism Develop an example for inheritance and polymorphism JSP.

Java Server Pages B.Ramamurthy. Topics for Discussion 8/20/20152 Inheritance and Polymorphism Develop an example for inheritance and polymorphism JSP.
Sys Prog & Scripting - HW Univ1 Systems Programming & Scripting Lecture 15: PHP Introduction.

Sys Prog & Scripting - HW Univ1 Systems Programming & Scripting Lecture 15: PHP Introduction.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
Comp2513 Forms and CGI Server Applications Daniel L. Silver, Ph.D.

Comp2513 Forms and CGI Server Applications Daniel L. Silver, Ph.D.
IT533 Lectures Session Management in ASP.NET. Session Tracking 2 Personalization Personalization makes it possible for e-businesses to communicate effectively.

IT533 Lectures Session Management in ASP.NET. Session Tracking 2 Personalization Personalization makes it possible for e-businesses to communicate effectively.
Advanced Web Forms with Databases Programming Right from the Start with Visual Basic.NET 1/e 13.

Advanced Web Forms with Databases Programming Right from the Start with Visual Basic.NET 1/e 13.
Li Tak Sing COMPS311F. Static attributes in Servlets Since Servlets are also Java classes, you can also use static attributes to store values that can.

Li Tak Sing COMPS311F. Static attributes in Servlets Since Servlets are also Java classes, you can also use static attributes to store values that can.
J2EE Structure & Definitions Catie Welsh CSE 432

J2EE Structure & Definitions Catie Welsh CSE 432
JAVA SERVER PAGES. 2 SERVLETS The purpose of a servlet is to create a Web page in response to a client request Servlets are written in Java, with a little.

JAVA SERVER PAGES. 2 SERVLETS The purpose of a servlet is to create a Web page in response to a client request Servlets are written in Java, with a little.
Murach’s ASP.NET 4.0/VB, C1© 2006, Mike Murach & Associates, Inc.Slide 1.

Murach’s ASP.NET 4.0/VB, C1© 2006, Mike Murach & Associates, Inc.Slide 1.
Java Servlets & Java Server Pages Lecture 16 26 July 2013.

Java Servlets & Java Server Pages Lecture July 2013.

Similar presentations

Ads by Google