Download presentation
Presentation is loading. Please wait.
Published byAlberta Scott Modified over 9 years ago
1
Session Tracking - 2 Lec 32
2
Last Lecture Review Session Tracking – why? Need to store state – typical solutions Cookies – already learned URL Rewriting Hidden Form Fields
3
Session Tracking Amazon Servlet Container Session ID = 123XYZ Shopping Cart sc [item 1=324] Request Credit: cs193i at Standford
4
Session Tracking Amazon Servlet Container Session ID = 123XYZ Shopping Cart sc [item 1=324] Response: Set-Cookie: sid=123XYZ Credit: cs193i at Standford
5
Session Tracking Amazon Servlet Container Session ID = 123XYZ Shopping Cart sc [item 1=324] Request: Set-Cookie: sid=123XYZ Credit: cs193i at Standford
6
Session Tracking Amazon Servlet Container Session ID = 123XYZ Shopping Cart sc [item 1=324 item 2=115] Request: Set-Cookie: sid=123XYZ Credit: cs193i at Standford
7
URL Rewriting
8
We can pass extra information to client by rewriting URLs. (appending info with URL) The extra information can be in the form of Extra path information, Added parameters, or Some custom, server-specific URL change Due to limited space available in rewriting a URL, the extra information is usually limited to a unique session ID
9
URL Rewriting: Examples For example, the following URLs have been rewritten to pass the session id 123 Original http://server:port/servlet/rewrite Extra path information http://server:port/servlet/rewrite/123 Added parameter http://http://server:port/servlet/rewrite?id=123 Custom change http://server:port/servlet/rewrite;$id$123
10
URL Rewriting: Disadvantages What if the user bookmarks the page? Every URL on a page which needs the session information must be rewritten each time page is served Computationally expensive Can increase communication overhead State stored in URLs is not persistent Limits the client’s interaction with the server to HTTP GET request
11
Hidden Form Fields
12
13
Java’s Solution for Session Tracking HttpSession API
14
Using HttpSession 1.To get the user’s session object Call getSession( ) method of HTTPServletRequest class pass false to the getSession() method HttpSession ses = request.getSession(false); If no current session exists: You will get a null object
15
Using HttpSession cont. 1.To get the user’s session object (cont.) If true is passed to the getSession() method then If user already has a session the existing session is returned For example: HttpSession ses = request.getSession(true); If no session exists a new one is created and returned
16
Using HttpSession cont. 2. Storing information in a session Session objects works like a HashMap HashMap is able to store any type of java object You can therefore store any number of keys and their values For example ses.setAttribute(“id”, “123”); keyValue
17
Using HttpSession cont. 3. Looking up information associated with a session String sID = (String)ses.getAttribute(“id”); returns an Object type, so you will need to perform a type cast
18
Using HttpSession cont. 4. Terminating session Automatic After the amount of time session gets terminated automatically( getMaxInactiveInterval( ) ) Manual ses.invalidate();
19
Example Code Showing Session Information
20
Encoding URLs Sent to Client HttpServletResponse provides two methods to perform encoding 1. String encodeURL(String URL) 2. String encodeRedirectURL(String URL) If Cookies disabled Both methods encodes (rewrites) the specified URL to include the session ID and returns the new URL If Cookies enabled Returns the URL unchanged
21
Encoding URLs Sent to Client cont. 1. String encodeURL(String URL) For example String URL = “/servlet/sessiontracker”; String eURL = response.encodeURL(URL); out. println("... ");
22
Encoding URLs Sent to Client cont. 2. String encodeRedirectURL(String URL) For example String URL = “/servlet/sessiontracker”; String eURL = response.encodeRedirectURL(URL); response.sendRedirect(eURL);
23
Example Code Online Book Store
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.