Presentation is loading. Please wait.

Presentation is loading. Please wait.

Session tracking There are a number of problems that arise from the fact that HTTP is a "stateless" protocol. In particular, when you are doing on- line.

Published byAldous Watkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Session tracking There are a number of problems that arise from the fact that HTTP is a "stateless" protocol. In particular, when you are doing on- line."— Presentation transcript:

1 Session tracking There are a number of problems that arise from the fact that HTTP is a "stateless" protocol. In particular, when you are doing on- line shopping

2 There are four typical solutions to this problem. Cookies. URL Rewriting. Hidden form fields. http session object

3 Hidden form fields. HTML forms have an entry that looks like the following:. This means that, when the form is submitted, the specified name and value are included in the GET or POST data. This can be used to store information about the session. hidden.java

4

5 Shopping cart hidddeneg.java

6 Cookies. You can use HTTP cookies to store information about a shopping session, and each subsequent connection can look up the current session and then extract information about that session from some location on the server machine. –Extracting the cookie that stores the session identifier from the other cookies (there may be many, after all), –Setting an appropriate expiration time for the cookie (sessions interrupted by 24 hours probably should be reset), and –Associating information on the server with the session identifier (there may be far too much information to actually store it in the cookie, plus sensitive data like credit card numbers should never go in cookies).

7 string getCurrentUser (string value) { string uname= new string(); If (value.equals(“564xx64”)) unsme= value from db or other area or “name”; } Void doGet(……..) { Cookies[] c = request.getCookies(); If (c != null) { For (i<c.length) name = c[i].getName(); if(name.equals(“session_id”)) user=getCurrentUser(c[i].getValue()); break; } If (user = null) {Add new cookie with name session_id and value “564xx64” } Else { responsestring =“ hello “+ user} ; out,.println ( responsestring ) }

8 URL rewriting With URL rewriting, every local URL the user might click on is dynamically modified, or rewritten, to include extra information. The extra information can be in the form of extra path information, added parameters, or some custom, server-specific URL change, or session id.

9 URL Rewriting. This is also an excellent solution, and even has the advantage that it works with browsers that don't support cookies or where the user has disabled cookies. However, it has most of the same problems as cookies, namely that the server-side program has a lot of straightforward but tedious processing to do. In addition, you have to be very careful that every URL returned to the user has the extra information appended. And, if the user leaves the session and comes back via a bookmark or link, the session information can be lost.

10 Void doGet(…………..) { ; String url = response.encodeRedirectURL( “http://localhost:8080/servlet/checkout?sid=5790”); response.sendRedirect(url); ; }

11 HttpSession object Using sessions in servlets is quite straightforward. involves –looking up the session object associated with the current request. – creating a new session object when necessary. – looking up information associated with a session. – storing information in a session, and –discarding completed or abandoned sessions.

12 Looking up the HttpSession object associated with the current request. This is done by calling the getSession method of HttpServletRequest. If this returns null, you can create a new session, but this is so commonly done that there is an option to automatically create a new session if there isn't one already. Just pass true to getSession. HttpSession session = request.getSession(true);

13 Looking up Information Associated with a Session. HttpSession objects live on the server; they're just automatically associated with the requester. These session objects have a built-in data structure that let you store any number of keys and associated values getAttribute, setAttribute

14 Although the data that was explicitly associated with a session is the part you care most about, there are some other pieces of information that are sometimes useful as well. getId. This method returns the unique identifier generated for each session. It is sometimes used as the key name when there is only a single value associated with a session, or when logging information about previous sessions. isNew. This returns true if the client (browser) has never seen the session, usually because it was just created rather than being referenced by an incoming client request. It returns false for preexisting sessions getCreationTime. This returns the time, in milliseconds since the epoch, at which the session was made. To get a value useful for printing out, pass the value to the Date constructor or the setTimeInMillis method of GregorianCalendar. getLastAccessedTime. This returns the time, in milliseconds since the epoch, at which the session was last sent from the client. getMaxInactiveInterval. This returns the amount of time, in seconds, that a session should go without access before being automatically invalidated. A negative value indicates that the session should never timeout.

15 Httpsession1.java –last access date Httpsession2.java –No of access

16

Download ppt "Session tracking There are a number of problems that arise from the fact that HTTP is a "stateless" protocol. In particular, when you are doing on- line."

Similar presentations

7 Copyright © 2005, Oracle. All rights reserved. Maintaining State in J2EE Applications.

7 Copyright © 2005, Oracle. All rights reserved. Maintaining State in J2EE Applications.
1 Web Search Interfaces. 2 Web Search Interface Web search engines of course need a web-based interface. Search page must accept a query string and submit.

1 Web Search Interfaces. 2 Web Search Interface Web search engines of course need a web-based interface. Search page must accept a query string and submit.
Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.

Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.
Authentication and Security Joshua Scotton.  Sessions  Login and Authentication.

Authentication and Security Joshua Scotton.  Sessions  Login and Authentication.
Servlets and a little bit of Web Services Russell Beale.

Servlets and a little bit of Web Services Russell Beale.
Servlet Session Tracking. 2 Persistent information A server site typically needs to maintain two kinds of persistent (remembered) information: Information.

Servlet Session Tracking. 2 Persistent information A server site typically needs to maintain two kinds of persistent (remembered) information: Information.
Session Management A290/A590, Fall 2014 09/25/2014.

Session Management A290/A590, Fall /25/2014.
Servlet Session Tracking II Session API All material and examples are from www.coreservlets.com.

Servlet Session Tracking II Session API All material and examples are from
All You Ever Wanted To Know About Servlets But Were Afraid to Ask.

All You Ever Wanted To Know About Servlets But Were Afraid to Ask.
Servlets Compiled by Dr. Billy B. L. Lim. Servlets Servlets are Java programs which are invoked to service client requests on a Web server. Servlets extend.

Servlets Compiled by Dr. Billy B. L. Lim. Servlets Servlets are Java programs which are invoked to service client requests on a Web server. Servlets extend.
SE-2840 Dr. Mark L. Hornick1 Java Servlet-based web apps Servlet Architecture.

SE-2840 Dr. Mark L. Hornick1 Java Servlet-based web apps Servlet Architecture.
Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.

Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.
Form Handling, Validation and Functions. Form Handling Forms are a graphical user interfaces (GUIs) that enables the interaction between users and servers.

Form Handling, Validation and Functions. Form Handling Forms are a graphical user interfaces (GUIs) that enables the interaction between users and servers.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.

Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.
CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.

CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.
CSC 2720 Building Web Applications Cookies, URL-Rewriting, Hidden Fields and Session Management.

CSC 2720 Building Web Applications Cookies, URL-Rewriting, Hidden Fields and Session Management.
Comp2513 Java Servlets and Sessions Daniel L. Silver, Ph.D.

Comp2513 Java Servlets and Sessions Daniel L. Silver, Ph.D.
IT533 Lectures Session Management in ASP.NET. Session Tracking 2 Personalization Personalization makes it possible for e-businesses to communicate effectively.

IT533 Lectures Session Management in ASP.NET. Session Tracking 2 Personalization Personalization makes it possible for e-businesses to communicate effectively.
Java Servlet Technology. Introduction Servlets are Java programs that run on a Web server, handle HTTP requests and build Web pages Servlet specification.

Java Servlet Technology. Introduction Servlets are Java programs that run on a Web server, handle HTTP requests and build Web pages Servlet specification.

Similar presentations

Ads by Google