Presentation is loading. Please wait.

Presentation is loading. Please wait.

Handling State in Web Applications

Published byLeo Kelly Modified over 6 years ago

Similar presentations

Presentation on theme: "Handling State in Web Applications"— Presentation transcript:

1 Handling State in Web Applications
Jeff Offutt SWE 642 Software Engineering for the World Wide Web sources: Professional Java Server Programming, Patzer, Wrox Web Technologies: A Computer Science Perspective, Jackson, Prentice-Hall

2 Tracking State Information
The initial versions of the web suffered from a lack of state: HTML Form Data Info HTML Page Server If you wanted multiple screens, there was no way for data to be accumulated or stored D1 D1+D2+D3 Form1 Form2 Form3 Server Form4 D1+D2 D1+D2+D3+D4 12/24/2018 © Offutt

3 Session Tracking Web applications must maintain user states
This is called session tracking 12/24/2018 © Offutt

4 Session Tracking (2) Session: A series of related interactions between a client and a web server (similar to a use case) Session tracking refers to keeping data between multiple HTTP requests This problem is essential to maintaining state, which we understand quite well in the context of traditional functional programming and object-oriented programming The Web brings in unique constraints HTTP is stateless Web apps are distributed 12/24/2018 © Offutt

5 Handling State in Functional Languages
The C programming language has simple ways to handle state Global variable char name [25]; main () { int x, y, z; . : Local variables We added several layers of scope in OO languages 12/24/2018 © Offutt

6 State in Object-Oriented Languages
In addition to local and global variables, OO languages have other scopes Nonlocals : package, protected, default, … Data sharing in OO languages Two components can share data if they are in the same scope Two components can share data by passing parameters OO languages also are based on the concept of objects, which are instances of classes Classes define types, which are global Objects can be defined at multiple scopes 12/24/2018 © Offutt

7 Handling State in Java Package Class 1 public members
protected members Class 3 default private members inheritance Class 2 Class 5 Class 4 © Alexander & Offutt,

8 State on the Web These schemes have two simple, subtle, assumptions
1. The software components share physical memory 2. The program runs to completion with active memory But these assumptions are violated in web applications ! Distributed software components Stateless nature of HTTP To keep state in web applications, we need different ways to store and access variables and objects Public access and parameter passing are not possible in Web applications! 12/24/2018 © Offutt

9 State and Session Tracking
Session tracking refers to passing data from one HTTP request to another A web application is comprised of several software components The characteristics of a Web app means that the components do not communicate directly Independent processes (threads) Stateless protocol Client-server or N-tier architecture Execution flow always goes through a client How can these independent components share data? 12/24/2018 © Offutt

10 Session Tracking Methods
Include data as extra parameters (URL rewriting) Hidden form fields Cookies Servlet API session tracking tools All four methods work by exchanging a token between the client and server Request with a Token Client C Server S Response with a Token 12/24/2018 © Offutt

11 Non-servlet Methods – (1) URL Rewriting
Forms usually add parameters URL ? P1=v1 & P2=v2 & P3=v3 & … You can add values in the URL as a parameter : HREF = "./servlet/X ? SneakyParam=42"> or : User=george"> This is used as a key to find the saved information about the user george Messy and clumsy Long URLs Information on URL is public All HTML pages must be created dynamically Often limited in size 12/24/2018 © Offutt

12 Non-servlet Methods – (2) Hidden Form Fields
Flows of control go through the client Data that must be passed from one software component to another can be stored in hidden form fields in the HTML Generate HTML pages with forms that store “hidden” information : <INPUT type=“hidden” name=“User” value=“george”> Several problems : Insecure – users can see the data Unreliable – users can change the data Undependable – users can use the back button, direct URL entry, and URL rewriting to skip some hidden form fields Still useful in limited situations 12/24/2018 © Offutt

13 Non-servlet Methods – (3) Cookies
Cookies are small files or text strings stored on the client's computer Created by the web browser Arbitrary strings, but sometimes var=value pairs or XML Java coding : Cookie c = new Cookie (“user”, “george”); c.setMaxAge (5*24*60*60); // expires in 5 days, in seconds response.addCookie (c); // sends cookie to client 12/24/2018 © Offutt

14 Non-servlet Methods – (3) Cookies – cont.
Cookies are very useful and simple Not visible as part of the HTML content Convenient way to solve a real problem But cookies are scary ! It’s as if I stored my files at your house Cookies go way beyond session tracking Cookies allow behavior tracking 12/24/2018 © Offutt

15 (4) Servlet Sessions The servlet API uses cookies to provide a simple, safe, flexible method for session tracking Cookies are handled automatically HttpSession stores data in the current active object Data disappears when the object is destroyed Object is destroyed after the session ends, usually 30 minutes after the last request 12/24/2018 © Offutt

16 Server returns a new unique session ID when the request has none
Sessions—Big Picture Web Server Client 1 Client 2 Time Time HTTP Request HTTP Request HTTP Response Session ID = 0347 HTTP Response Session ID = 4403 Server returns a new unique session ID when the request has none HTTP Request HTTP Request Session ID = 0347 Session ID = 4403 HTTP Response HTTP Response HTTP Request Session ID = 0347 HTTP Request Session ID = 4403 HTTP Response HTTP Response 12/24/2018 © Offutt

17 Sessions—Big Picture Web Server Client 1 Client 2 Time Time HTTP Request HTTP Request HTTP Response Session ID = 0347 HTTP Response Session ID = 4403 HTTP Request HTTP Request Session ID = 0347 Session ID = 4403 HTTP Response Client stores the ID and sends it to the server in subsequent requests HTTP Response HTTP Request Session ID = 0347 HTTP Request Session ID = 4403 Server recognizes all the requests as being from the same client. This defines a session. Server recognizes these requests as being from a different client. HTTP Response HTTP Response 12/24/2018 © Offutt

18 Servlet API for Session Methods
void setAttribute (String name, Object attribute) : Adds an item to the session Object getAttribute (String name) : Returns the value stored for the given name, or null if no attribute with this name void removeAttribute (String name) : Removes an item from the session Enumeration getAttributeNames() : Returns an enumeration of all the value names that are stored for this session String getID() : Returns the session ID void invalidate() : Removes the current session 12/24/2018 © Offutt

19 Servlet API Session Methods (2)
These methods are not synchronized Multiple servlets can access the same session object at the same time If this can happen, your program should synchronize the code that modifies the shared session attributes 12/24/2018 © Offutt

20 How to Use Session Objects
Get a session object : HttpSession s = request.getSession (true); true : create if session does not exist. false : return null if session does not exist. Put objects into the session object (not primitive types): s.setAttribute (“answer”, 42); // does not work s.setAttribute (“answer”, new Integer (42)); Get values from session objects (just like a hash table) : Integer ansobj = (Integer) s.getAttribute (“answer”); int ans = ansobj.intValue (); Deleting session : s.invalidate (); // Information is thrown away Setting the time-out duration s.setMaxInactiveInterval (int); // seconds until deletion 12/24/2018 © Offutt

21 Session Definition A session is defined by The web server The client
Servlet container Servlet context The client IP address Browser Session objects are kept on the server Each session object uses different parts of memory (instances of data values) on the server 12/24/2018 © Offutt

22 Example Consider a small Web app with 2 servlets and 3 JSPs
Client JSP 1 JSP 2 JSP 3 How can the servlets and JSPs share data? 12/24/2018 © Offutt

23 Sharing Data : Session Object
One program component can store a value in the session object Another component can retrieve, use, and modify the value Depends on the servlet container : Software components are threads, not processes Servlet container stays resident and can keep shared memory 12/24/2018 © Offutt

24 Software components share “container” access data
Session Data Example Software components share “container” access data session object Servlet Container Servlet S1 Servlet S2 Client JSP 1 JSP 2 JSP 3 12/24/2018 © Offutt

25 4. Set isLoggedIn true and set userID
Login Example 1. User request Form Entry 3. if isLoggedIn false 2. Check isLoggedIn isLoggedIn: T/F userID: string 4. Set isLoggedIn true and set userID Login 7. if isLoggedIn false 6. Check isLoggedIn View Data 5. User request 12/24/2018 © Offutt

26 Session Scope and Context Scope
The session object is available to software components in the same request and session They have access to the session ID This is called session scope Sometimes we need a wider scope Chat rooms : Allow multiple users to interact Group collaboration : Online meeting Online bidding Reservation systems J2EE also defines a context scope This allows us to share data among multiple users 12/24/2018 © Offutt

27 Servlet Context Object
The servlet context object supports resources that can be shared by groups of users : Get a servlet context object ServletContext servContext = getServletContext() Share information through context attributes servContext.getAttribute() servContext.setAttribute() servContext.removeAttribute() Information about servlet’s environment : Server name MIME type Method to write to a log file ( log() ) 12/24/2018 © Offutt

28 Session and Context Scope Examples
Compare attributeServlet and servletContext examples Try them in different browsers Compare the differences 12/24/2018 © Offutt

29 Summary Managing state is fundamental to any program
Managing state is the most unique aspect of designing and programming web applications Software vendors are creating new frameworks all the time Most of them introduce additional state handling techniques Many professional developers make fundamental mistakes with managing state State management is the most common source of software faults in web applications 12/24/2018 © Offutt

Download ppt "Handling State in Web Applications"

Similar presentations

7 Copyright © 2005, Oracle. All rights reserved. Maintaining State in J2EE Applications.

7 Copyright © 2005, Oracle. All rights reserved. Maintaining State in J2EE Applications.
Cutting Edge Research in Engineering of Web Applications Part 2 What is Different about Engineering Web Apps? Jeff Offutt Professor of Software Engineering.

Cutting Edge Research in Engineering of Web Applications Part 2 What is Different about Engineering Web Apps? Jeff Offutt Professor of Software Engineering.
 Copyright Wipro Technologies JSP Ver 1.0 Page 1 Talent Transformation Java Server Pages.

 Copyright Wipro Technologies JSP Ver 1.0 Page 1 Talent Transformation Java Server Pages.
Liang, Introduction to Java Programming, Sixth Edition, (c) 2005 Pearson Education, Inc. All rights reserved. 0-13-148952-6 1 Chapter 34 Servlets.

Liang, Introduction to Java Programming, Sixth Edition, (c) 2005 Pearson Education, Inc. All rights reserved Chapter 34 Servlets.
Computer Science 101 Web Access to Databases Overview of Web Access to Databases.

Computer Science 101 Web Access to Databases Overview of Web Access to Databases.
All You Ever Wanted To Know About Servlets But Were Afraid to Ask.

All You Ever Wanted To Know About Servlets But Were Afraid to Ask.
Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.

Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.
ASHIMA KALRA.  INTRODUCTION TO JSP INTRODUCTION TO JSP  IMPLICIT OBJECTS IMPLICIT OBJECTS  COOKIES COOKIES.

ASHIMA KALRA.  INTRODUCTION TO JSP INTRODUCTION TO JSP  IMPLICIT OBJECTS IMPLICIT OBJECTS  COOKIES COOKIES.
IT533 Lectures Session Management in ASP.NET. Session Tracking 2 Personalization Personalization makes it possible for e-businesses to communicate effectively.

IT533 Lectures Session Management in ASP.NET. Session Tracking 2 Personalization Personalization makes it possible for e-businesses to communicate effectively.
Advanced Web Forms with Databases Programming Right from the Start with Visual Basic.NET 1/e 13.

Advanced Web Forms with Databases Programming Right from the Start with Visual Basic.NET 1/e 13.
JAVA SERVER PAGES. 2 SERVLETS The purpose of a servlet is to create a Web page in response to a client request Servlets are written in Java, with a little.

JAVA SERVER PAGES. 2 SERVLETS The purpose of a servlet is to create a Web page in response to a client request Servlets are written in Java, with a little.
Session tracking There are a number of problems that arise from the fact that HTTP is a stateless protocol. In particular, when you are doing on- line.

Session tracking There are a number of problems that arise from the fact that HTTP is a "stateless" protocol. In particular, when you are doing on- line.
Session Tracking - 2 Lec 32. Last Lecture Review  Session Tracking – why?  Need to store state – typical solutions Cookies – already learned URL Rewriting.

Session Tracking - 2 Lec 32. Last Lecture Review  Session Tracking – why?  Need to store state – typical solutions Cookies – already learned URL Rewriting.
Web Application Development * These slides have been adapted and modified from CoreServlets course material (Marty Hall) and LUMS cs391 (Umair Javed).

Web Application Development * These slides have been adapted and modified from CoreServlets course material (Marty Hall) and LUMS cs391 (Umair Javed).
Java Servlets & Java Server Pages Lecture 16 26 July 2013.

Java Servlets & Java Server Pages Lecture July 2013.
Chapter 6 Server-side Programming: Java Servlets

Chapter 6 Server-side Programming: Java Servlets
Chapter 9 Session Tracking. Session Tracking Basics Accessing the session object associated with the current request: Call request.getSession to get an.

Chapter 9 Session Tracking. Session Tracking Basics Accessing the session object associated with the current request: Call request.getSession to get an.
© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 Session Management.

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 Session Management.
® IBM Software Group © 2007 IBM Corporation Best Practices for Session Management 4.1.0.3.

® IBM Software Group © 2007 IBM Corporation Best Practices for Session Management
CSCI 6962: Server-side Design and Programming Java Server Faces Scoping and Session Handling.

CSCI 6962: Server-side Design and Programming Java Server Faces Scoping and Session Handling.

Similar presentations

Ads by Google