Upload
hariprasanna-v
View
616
Download
3
Embed Size (px)
DESCRIPTION
Hariprasanna V (9843824677)
Citation preview
04/12/23Acc 683, Spring 2001 Jagdish S. Gangolly1
Java Servlets II: Session TrackingJava Servlets II: Session Tracking
Jagdish GangollyState University of New York at Albany
04/12/23Acc 683, Spring 2001 Jagdish S. Gangolly2
Java Servlets II: Session TrackingJava Servlets II: Session Tracking IntroductionMethods of Session TrackingSession tracking in ServletsState Management
04/12/23Acc 683, Spring 2001 Jagdish S. Gangolly3
IntroductionIntroduction
HTTP is a stateless protocol: When a request is made by client, a connection is opened, the server response is sent, and the connection is closed.Consequences:
If a transaction requires a sequence of requests/responses, since each request is independent, it is not possible to maintain information regarding the transaction
04/12/23Acc 683, Spring 2001 Jagdish S. Gangolly4
IntroductionIntroductionBasic concepts:
– Session: A series of requests from a single client is associated with one session
– State: Associated with each session is a state
04/12/23Acc 683, Spring 2001 Jagdish S. Gangolly5
Methods of Session Tracking IMethods of Session Tracking IWhen the initial request is made by the client, the server generates and exchanges a token.
1. URL Rewriting:An Example: a jsp pagehttp://www.delta.com/home/index.jsp?acty=null&sessioni
d=OqZG1m7Nbz51AHCffo0lbVixefzA8OsfH7ObauWHODpZ1RhU5TSS&acty=null
https://www.delta.com/travel/reservations/itineraries/details/itin_details.jsp?cmd=detail&pnr=XNYY4B&flightnum=0941&flightdate=27MAR01&origin=ALB&destination=ATL&sessionid=OqZORQ5f2lM1uo9l2juGqTWMd0hrdQRKroIqAWe6qFvE4P1hlR68
CustomerIDxxxxxxxxxx|Jagdishwww.delta.com/0213647872029623180188817971229402903* (COOKIE)
04/12/23Acc 683, Spring 2001 Jagdish S. Gangolly6
Methods of Session Tracking IIMethods of Session Tracking II2. Hidden FORM fields: Not used in servlets<INPUT TYPE=“HIDDEN” NAME=“uid” VALUE=“joe”>
3. Cookies:CFID231648www.technologynews.net/0354675916832088942299290753629397684*CFTOKEN67770976www.technologynews.net/0354675916832088942299370753629397684*Some good URLs for cookies:http://www.virtual.net/Projects/Cookies/Cookie_BOF.htmlhttp://arctic.org/~dean/cookieshttp://www.cis.ohio-state.edu/htbin/rfc/rfc2109.htmlhttp://www.lanl.gov/projects/ia/library/bits/bits0697.html
04/12/23Acc 683, Spring 2001 Jagdish S. Gangolly7
Methods of Session Tracking IIIMethods of Session Tracking III<HEAD>
<TITLE>DoubleClick Inc. Home Page</TITLE><LINK HREF="dc.css" REL="styleSheet" TYPE="text/css">
<SCRIPT LANGUAGE="JavaScript" TYPE="text/javascript"><!-- // hide me
var domain = "www.doubleclick.net";var cookieName = "defaultRegion";
var today = new Date();var expireDate = new Date();expireDate.setTime(today.getTime() + 1000*60*60*24*365);
var baseURL = "http://www.doubleclick.net/";…
04/12/23Acc 683, Spring 2001 Jagdish S. Gangolly8
Methods of Session Tracking IMethods of Session Tracking IVV…function setCookie(name, value, expires, path, domain) {var oreo = name + "=" + escape(value) +
((expires) ? "; expires=" + expires.toGMTString() : "") +
((path) ? "; path=" + path : "") +
((domain) ? "; domain=" + domain : "");document.cookie = oreo;}
…
04/12/23Acc 683, Spring 2001 Jagdish S. Gangolly9
Methods of Session Tracking Methods of Session Tracking VV…function getCookie() {
var myCookie = document.cookie;var prefix = cookieName + "=";var begin = myCookie.indexOf("; " + prefix);if (begin == -1) {
begin = myCookie.indexOf(prefix);if (begin != 0) return null;
} elsebegin += 2;
var end = myCookie.indexOf(";", begin);if (end == -1) end = myCookie.length;
return unescape(myCookie.substring(begin + prefix.length, end));}
…</SCRIPT></HEAD>
04/12/23Acc 683, Spring 2001 Jagdish S. Gangolly10
Methods of Session Tracking Methods of Session Tracking VIVI HTTPServletRequest interface provides getSession() method to create a session
You can use this method to get an HTTPSession object
Since the server does not know if the client browser has not logged off or the browser has been closed without logging off, you can setMaxInactiveInterval() for the HTTPSession object (time-out parameter)
The web container maintains an HTTPSession
object for each client
04/12/23Acc 683, Spring 2001 Jagdish S. Gangolly11
Methods of Session Tracking Methods of Session Tracking VIIVIIA Session Lifecycle example
Objective: To report on the servlet lifecycleSteps:
1. Import classes
2. If action is “invalidate, then
get the session information and Respond that the session has been invalidated
else
get session information,
if session is new then
respond that it is a new session,
else
respond with session information.
04/12/23Acc 683, Spring 2001 Jagdish S. Gangolly12
Methods of Session Tracking Methods of Session Tracking VIIIVIII : : Import Import classesclasses
// Import Servlet packagesimport javax.servlet.*;import javax.servlet.http.*;
// Import Java packagesimport java.io.*;import java.util.Date;
04/12/23Acc 683, Spring 2001 Jagdish S. Gangolly13
Methods of Session Tracking IX: Methods of Session Tracking IX: SessionLifeCycleServletSessionLifeCycleServletpublic class SessionLifeCycleServlet extends HttpServlet { protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String action = request.getParameter("action"); if (action != null && action.equals("invalidate")) {
get session and respond thatthe session has been invalidated
} else {Get session and prepare header
if (session.isNew()) {respond that it is a "New Session."
} else {Respond it is an old session and give session info
}prepare rest of the HTML response page}}
04/12/23Acc 683, Spring 2001 Jagdish S. Gangolly14
Methods of Session Tracking X: Methods of Session Tracking X: get get session and respond “invalidated”session and respond “invalidated”
HttpSession session = request.getSession(); session.invalidate(); response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<HTML>"); out.println("<HEAD><TITLE>Session Life
Cycle</TITLE></HEAD>"); out.println("<BODY>"); out.println("<P>Your session has been
invalidated.</p>"); String lifeCycleURL = "/session/servlet/lifeCycle"; //String lifeCycleURL =
response.encodeURL("/session/servlet/lifeCycle"); out.println("<A HREF=\"" + lifeCycleURL + "?
action=newSession\">"); out.println("Create new session</a>"); out.println("</BODY></HTML>");
04/12/23Acc 683, Spring 2001 Jagdish S. Gangolly15
Methods of Session Tracking XI: Methods of Session Tracking XI: Get session and prepare headerGet session and prepare header
HttpSession session = request.getSession(); response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<HTML>"); out.println("<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">"); out.println("<HEAD><TITLE>Session Life Cycle</TITLE></HEAD>"); out.println("<BODY BGCOLOR=\"#FFFFFF\">"); out.println("<H1>SessionLifecycle</CENTER></H1>"); out.print("<BR>Session Status: ");
04/12/23Acc 683, Spring 2001 Jagdish S. Gangolly16
Methods of Session Tracking XII: Methods of Session Tracking XII: respond that it is a "New Session." respond that it is a "New Session."
out.println("New Session.");
04/12/23Acc 683, Spring 2001 Jagdish S. Gangolly17
Methods of Session Tracking XIII: Respond Methods of Session Tracking XIII: Respond old session and give session infoold session and give session info
out.println("<BR>Session ID: "); out.println(session.getId()); out.println("<BR>Creation Time: "); out.println(new
Date(session.getCreationTime())); out.println("<BR>Last Accessed Time: "); out.println(new
Date(session.getLastAccessedTime())); out.println("<BR>Maximum Inactive Interval
(seconds): ");
out.println(session.getMaxInactiveInterval());
04/12/23Acc 683, Spring 2001 Jagdish S. Gangolly18
Methods of Session Tracking XIMethods of Session Tracking XIVV: : prepare rest of the HTML response pageprepare rest of the HTML response page
String lifeCycleURL = "/session/servlet/lifeCycle";
//String lifeCycleURL = response.encodeURL("/session/servlet/lifeCycle");
out.print("<BR><A HREF=\"" + lifeCycleURL + "?action=invalidate\">");
out.println("Invalidate the session</A></TD></TR>");
out.print("<BR><A HREF=\"" + lifeCycleURL + "\">");
out.println("Reload this page</A>"); out.println("</BODY></HTML>"); out.close();
04/12/23Acc 683, Spring 2001 Jagdish S. Gangolly19
State Management: MethodsState Management: MethodsHTTPSession
– Public object getAttribute(String name)– Public Enumeration getAttributeNames(String name)– Public setAttribute(String name, Object attribute)– Public void removeAttribute(String name)