CS6320:  SW Engineering of Web Based Systems

 

Servlets: Session Tracking







Why Session Tracking?

  • There is a need for many applications to maintain data across multiple client requests.
  • Example:  On-line Shopping Cart
    • User travels around different web-pages, looking at products
    • Occasionally saves an item in their shopping cart.
General Solutions:
1) Cookies
  • One problem is that a user can disable cookies.
2) URL-rewriting
  • The client appends extra data on the end of each URL that identifies the session
    • e.g. http://host/path/file.html;sessionid=1234    (here the id is sessionid=1234)
  • The server associates that ID with data it has stored about the session
  • Tedious updating of information.
  • One problem: if the user leaves the session and comes back via a bookmark, the session information can be lost.
  • Good when browser does not support cookies or has disabled them.


3) Hidden Form Fields

    • The idea here is that when new pages are given to the user (e.g. to continue shopping), hidden HTML form fields containing the data you wish to save/track are included in the page.
      • <INPUT  TYPE="HIDDEN" NAME="Session" Value=">>>>>>">
    • When the user on this new page submits the form, this hidden data is also sent to the server along with any new data.
    • Problem: will only work if each consecutive web-page the user visits (e.g. in their shopping spree) is dynamically generated.

 
 
 
 
Servlet Solutions
 
  • Can implement Cookies
  • Can use Session Tracking API
Servlet Session Tracking API
 
  • Built on top of Cookie and URL-rewriting technology.
  • The Servlet Engine will translate Session Tracking calls to Cookies if they are enabled, and will otherwise use URL-rewriting.  This happens behind the scenes; you don't need to worry about it.
Concept:
When the client makes an HTTP request of the Servlet (i.e. invokes the doGet or doPost method):
1) Create or Retrieve the session associated with this client.
Note: the first time the Servlet receives a request from client A it will not have a session associated with it, because the Servlet has not yet explicitly created one.  The nth time the Servlet receives a request from client A, if it created a session on a previous request from this same client, it will retrieve that same session rather than creating a new one.

Hence, you can keep persistent data for client A, between requests made to the Servlet.

2) Add/Remove/Lookup attribute values stored with the session as indicated by the task at hand (what the servlet is being requested to do).
 
Store information as needed in this session object.
 
Create/Retrieve Current Session.

HttpServletRequest.getSession()
 

  • Method to look up the HttpSession associated with the client if it exists or to create one otherwise

  • HttpSession session = request.getSession(true);
     
  • It looks up the session in a table of previously created HttpSession objects, using as a key a userID from a cookie or attached URL data

Storing/Retrieving/Removing Information Associated with Session
     
    For servlet API version 2.1 and earlier (can be used in later versions, but deprecated)

    HttpSession.putValue("attribute", Object value);

    HttpSession.getValue("attribute");

    HttpSession.removeValue("attribute");
     

    For servlet API version 2.2

    HttpSession.setAttribute("attribute", Object value);

    HttpSession.getAttribute("attribute");

    HttpSession.removeAttribute("attribute");

  • return type is Object, so you have to cast it to what you want:
  • String  product1_name = (String) session.getValue("product1");

    String product1_name = (String) session.getAttribute("product1");

    Look up ALL of the Information stored with Session
     
     
    For servlet API version 2.1 and earlier

    HttpSession.getValueNames();

    • returns Array of Strings.
    For servlet API version 2.2

    HttpSession.getAttributeNames();

    • returns Enumeration (like getHeaderNames() and getParameterNames() of the HttpServletRequest object).
     
    Other useful Session Methods
     
     
    getId()
    • returns unique ID of Session  (as String)
    isNew()
    • returns true if the client has never seen the session.
    getCreationTime()
    • returns the time in milliseconds when the session was built
    getLastAccessedTime()
    • returns the time in milliseconds when the session was last sent from the client.
    setMaxInactiveInterval(int seconds)
    • sets the time within which the session must be accessed; otherwise it is invalidated and the server removes it from its table.
    getMaxInactiveInterval()
    • returns the time set by the previous setMaxInactiveInterval call.
    invalidate()
    • invalidates the session and unbinds all objects associated with it.
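
Added example (not from the course notes or the Core Servlets book): a servlet that exercises the session methods listed above together with the 2.2-style attribute calls. The class name SessionInfoServlet, the "logout" parameter, the "visitCount" attribute, the 15-minute idle limit and the javax.servlet package namespace are assumptions.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Date;
import java.util.Enumeration;
import javax.servlet.http.*;

// Hypothetical servlet: reports the session's bookkeeping and ends it on request.
public class SessionInfoServlet extends HttpServlet {
    private static final int IDLE_LIMIT_SECONDS = 15 * 60; // assumed value

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        response.setContentType("text/plain");
        PrintWriter out = response.getWriter();

        // "logout" is an assumed parameter name: end the session if one exists.
        if (request.getParameter("logout") != null) {
            HttpSession old = request.getSession(false); // look up only, never create
            if (old != null) {
                old.invalidate(); // unbinds every attribute; server drops the session
            }
            out.println("Session ended.");
            return;
        }

        HttpSession session = request.getSession(true); // create or retrieve
        if (session.isNew()) {
            session.setMaxInactiveInterval(IDLE_LIMIT_SECONDS); // set idle limit once
        }

        // Attributes come back as Object, so cast; null means nothing stored yet.
        Integer visits = (Integer) session.getAttribute("visitCount");
        visits = (visits == null) ? 1 : visits + 1;
        session.setAttribute("visitCount", visits);

        out.println("New session:   " + session.isNew());
        out.println("Created:       " + new Date(session.getCreationTime()));
        out.println("Last accessed: " + new Date(session.getLastAccessedTime()));
        out.println("Idle limit:    " + session.getMaxInactiveInterval() + " s");

        // Walk everything stored with the session (servlet API 2.2 style).
        Enumeration<String> names = session.getAttributeNames();
        while (names.hasMoreElements()) {
            String name = names.nextElement();
            out.println(name + " = " + session.getAttribute(name));
        }
    }
}
```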

     

    Servlet Code using Session Tracking API

    Here is a piece of the code from the example in Section 9.4 of your Core Servlet book:
     
     
    Inside the doGet() or doPost() methods, where client requests are serviced:

    HttpSession session = request.getSession(true);  //create or get session

    //add the attribute "referringPage", which records the web-page that
    //referred the client here (the Referer header)
    session.putValue("referringPage", request.getHeader("Referer"));

    //try to retrieve the attribute representing the shopping cart
    //note this will return null if it does not exist
    ShoppingCart cart = (ShoppingCart) session.getValue("previousItems");

    if (cart == null) {  //No cart saved in this session yet
        cart = new ShoppingCart();  //create the shopping cart
        session.putValue("previousItems", cart);  //save it in this session
    }

    //Now look for a parameter being sent in the client request, corresponding
    //to a new item they have selected to purchase, and which you need to
    //add to the shopping cart.
    String itemID = request.getParameter("itemID");
    if (itemID != null) {  //make sure they really selected something
        cart.addItem(Catalog.getItem(itemID));
    }

     

    © Lynne Grewe