Servlets: Session Tracking
Why Session Tracking?
- There is a need for many applications to maintain
data across multiple client requests.
- Example: On-line Shopping Cart
- User travels around different web-pages, looking
at products
- Occasionally saves an item in their shopping cart.
General Solutions:
1) Cookies
- one problem can be that a user can disable cookies.
2) URL-rewriting
- The client appends extra data on the end of each URL
that identifies the session
e.g. http://host/path/file.html;sessionid=1234
(here the id is sessionid=1234)
- The server associates that ID with data it has stored
about the session
- Tedious updating of information.
- One problem if user leaves the sesion and comes back
via a bookmark, the session information can be lost.
- Good when browser does not support cookies or has disabled
them.
3) Hidden Form Fields
- The idea here is that when new pages are given to the
user (e.g. to continue shopping), HTML form tags that are
hidden containing the data you wish to save/track is stored.
- <INPUT TYPE="HIDDEN" NAME="Session" Value=">>>>>>">
- When the user on this new page submits the form, this
hidden data is also sent to the server along with any new
data.
- Problem: will only work if each consecutive web-page
the user visits (e.g. in their shopping spree) is dynamically
generated.
|
Servlet Solutions
- Can implement Cookies
- Can use Session Tracking API
|
Servlet Session Tracking API
- Built on top of Cookie and URL-rewriting technology.
- Servlet Engine will translate Session Tracking
calls to Cookies if they are enabled, and will otherwise use URL-rewriting.
This is behind the scenes....you don't worry about it.
Concept:
When the client makes a HTTP request
of the Servlet (e.g. will invoke the doGet or doPost methods)
1) Create or Retrieve the session associated
with this client.
Note: the first
time the Servlet recieves a request from client A it will not
have a session associated with it, because the Servlet did not
yet explicitly create it yet. The nth time the Servlet
recieves a request from client A, if it had on a previous request
from this same client, created a session, it will then retrieve
this same session rather than creating a new one.
Hence, you can keep
persistent data for client A, between requests made to the
Servlet.
2) Add/Remove/Lookup attribute values stored
with the session as indicated by the task at hand (what the servlet
is being requested to do).
Store information as needed in this session object.
Create/Retrieve Current
Session.
HttpServletRequest.getSession()
Method to look up the HttpSession associated with
the client if it exists or to create one otherwise
HttpSession session = request.getSession(true);
what it does is lookup in a table of previously
created HttpSession objects, using as a key a userID from
a cookie or attached URL data
|
Storing/Retrieving/Removing
Information Associated with Session
For servlet API version 2.1 and ealier (can
use in later versions...but, depricated)
HttpSession.putValue("attribute", Object value);
HttpSession.getValue("attribute");
HttpSession.removeValue("attribute");
|
For servlet API version 2.2
HttpSession.setAttribute("attribute", Object value);
HttpSession.getAttribute("attribute");
HttpSession.removeAttribute("attribute");
|
return type is Object, so you have to cast it to
what you want:
String product1_name = (String) session.getValue("product1");
String product1_name = (String) session.getAttribute("product1");
|
Look up ALL of the
Information stored with Session
For servlet API version 2.1 and ealier
HttpSession.getValueNames();
- returns Array of Strings.
|
For servlet API version 2.2
HttpSession.getAttributeNames();
- returns Enumeration (like getHeaderNames()
and getParameterNames of the HttpServletRequest
object).
|
|
Other useful Session
Methods
getID();
- returns unique ID of Session (as String)
|
isNew();
- returns ture = if client has never seen the
session.
|
getCreationTime()
- return time in milliseconds when the session
was built
|
getLastAccessedTime()
- time in milliseconds since the session was
last sent from the client.
|
setMaxInactiveInterval(int seconds)
- time which if not accessed within, the session
will then be invalidated. Server will remove
from its table
|
getMaxInacgtiveInterval()
- return time set in setMaxInactiveInterval
previous call.
|
invalidate()
- invalidates the sesison and unbinds all objects
associated with it.
|
|
|
Servlet Code using Session Tracking API
Here is a piece of the code from the example in
Section 9.4 of your Core Servlet book:
Inside of the doGet() or doPost()
methods...where service Client requests
HttpSession session = request.getSession(true); //create
or get session
//add the attribute "referringPage" which references the
web-page the
//client has requested
session.putValue("referringPage", request.getHeader("Referer"));
//try to retrieve the attribute representing the shopping
cart
//note this will return null if does not exist
ShoppingCart cart = (ShoppingCart) session.getValue("previousItems");
if(cart === null) { //No cart saved in this session yet
cart = new ShoppingCart(); //create the shopping
cart
session.putValue("previousItems", cart); //save it in
this session
}
//Now look for a parameter being sent in the client request,
corresponding
// to a new itme they have selected to purchase, and which
you need to
//add to the shopping cart.
String itemID = request.getParameter("itemID");
if(itemID != null) //make sure they
really selected something
cart.addItem(Catalog.getItem(itemID));
|
|
|