Class8

04/12/23Acc 683, Spring 2001 Jagdish S. Gangolly1

Java Servlets II: Session TrackingJava Servlets II: Session Tracking

Jagdish GangollyState University of New York at Albany


Java Servlets II: Session TrackingJava Servlets II: Session Tracking IntroductionMethods of Session TrackingSession tracking in ServletsState Management


IntroductionIntroduction

HTTP is a stateless protocol: When a request is made by client, a connection is opened, the server response is sent, and the connection is closed.Consequences:

If a transaction requires a sequence of requests/responses, since each request is independent, it is not possible to maintain information regarding the transaction


IntroductionIntroductionBasic concepts:

– Session: A series of requests from a single client is associated with one session

– State: Associated with each session is a state


Methods of Session Tracking IMethods of Session Tracking IWhen the initial request is made by the client, the server generates and exchanges a token.

1. URL Rewriting:An Example: a jsp pagehttp://www.delta.com/home/index.jsp?acty=null&sessioni

d=OqZG1m7Nbz51AHCffo0lbVixefzA8OsfH7ObauWHODpZ1RhU5TSS&acty=null

https://www.delta.com/travel/reservations/itineraries/details/itin_details.jsp?cmd=detail&pnr=XNYY4B&flightnum=0941&flightdate=27MAR01&origin=ALB&destination=ATL&sessionid=OqZORQ5f2lM1uo9l2juGqTWMd0hrdQRKroIqAWe6qFvE4P1hlR68

CustomerIDxxxxxxxxxx|Jagdishwww.delta.com/0213647872029623180188817971229402903* (COOKIE)


Methods of Session Tracking IIMethods of Session Tracking II2. Hidden FORM fields: Not used in servlets<INPUT TYPE=“HIDDEN” NAME=“uid” VALUE=“joe”>

3. Cookies:CFID231648www.technologynews.net/0354675916832088942299290753629397684*CFTOKEN67770976www.technologynews.net/0354675916832088942299370753629397684*Some good URLs for cookies:http://www.virtual.net/Projects/Cookies/Cookie_BOF.htmlhttp://arctic.org/~dean/cookieshttp://www.cis.ohio-state.edu/htbin/rfc/rfc2109.htmlhttp://www.lanl.gov/projects/ia/library/bits/bits0697.html


Methods of Session Tracking IIIMethods of Session Tracking III<HEAD>

<TITLE>DoubleClick Inc. Home Page</TITLE><LINK HREF="dc.css" REL="styleSheet" TYPE="text/css">

<SCRIPT LANGUAGE="JavaScript" TYPE="text/javascript"><!-- // hide me

var domain = "www.doubleclick.net";var cookieName = "defaultRegion";

var today = new Date();var expireDate = new Date();expireDate.setTime(today.getTime() + 1000*60*60*24*365);

var baseURL = "http://www.doubleclick.net/";…


Methods of Session Tracking IMethods of Session Tracking IVV…function setCookie(name, value, expires, path, domain) {var oreo = name + "=" + escape(value) +

((expires) ? "; expires=" + expires.toGMTString() : "") +

((path) ? "; path=" + path : "") +

((domain) ? "; domain=" + domain : "");document.cookie = oreo;}

…


Methods of Session Tracking Methods of Session Tracking VV…function getCookie() {

var myCookie = document.cookie;var prefix = cookieName + "=";var begin = myCookie.indexOf("; " + prefix);if (begin == -1) {

begin = myCookie.indexOf(prefix);if (begin != 0) return null;

} elsebegin += 2;

var end = myCookie.indexOf(";", begin);if (end == -1) end = myCookie.length;

return unescape(myCookie.substring(begin + prefix.length, end));}

…</SCRIPT></HEAD>


Methods of Session Tracking Methods of Session Tracking VIVI HTTPServletRequest interface provides getSession() method to create a session

You can use this method to get an HTTPSession object

Since the server does not know if the client browser has not logged off or the browser has been closed without logging off, you can setMaxInactiveInterval() for the HTTPSession object (time-out parameter)

The web container maintains an HTTPSession

object for each client


Methods of Session Tracking Methods of Session Tracking VIIVIIA Session Lifecycle example

Objective: To report on the servlet lifecycleSteps:

1. Import classes

2. If action is “invalidate, then

get the session information and Respond that the session has been invalidated

else

get session information,

if session is new then

respond that it is a new session,

else

respond with session information.


Methods of Session Tracking Methods of Session Tracking VIIIVIII : : Import Import classesclasses

// Import Servlet packagesimport javax.servlet.*;import javax.servlet.http.*;

// Import Java packagesimport java.io.*;import java.util.Date;


Methods of Session Tracking IX: Methods of Session Tracking IX: SessionLifeCycleServletSessionLifeCycleServletpublic class SessionLifeCycleServlet extends HttpServlet { protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String action = request.getParameter("action"); if (action != null && action.equals("invalidate")) {

get session and respond thatthe session has been invalidated

} else {Get session and prepare header

if (session.isNew()) {respond that it is a "New Session."

} else {Respond it is an old session and give session info

}prepare rest of the HTML response page}}


Methods of Session Tracking X: Methods of Session Tracking X: get get session and respond “invalidated”session and respond “invalidated”

HttpSession session = request.getSession(); session.invalidate(); response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<HTML>"); out.println("<HEAD><TITLE>Session Life

Cycle</TITLE></HEAD>"); out.println("<BODY>"); out.println("<P>Your session has been

invalidated.</p>"); String lifeCycleURL = "/session/servlet/lifeCycle"; //String lifeCycleURL =

response.encodeURL("/session/servlet/lifeCycle"); out.println("<A HREF=\"" + lifeCycleURL + "?

action=newSession\">"); out.println("Create new session</a>"); out.println("</BODY></HTML>");


Methods of Session Tracking XI: Methods of Session Tracking XI: Get session and prepare headerGet session and prepare header

HttpSession session = request.getSession(); response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<HTML>"); out.println("<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">"); out.println("<HEAD><TITLE>Session Life Cycle</TITLE></HEAD>"); out.println("<BODY BGCOLOR=\"#FFFFFF\">"); out.println("<H1>SessionLifecycle</CENTER></H1>"); out.print("<BR>Session Status: ");


Methods of Session Tracking XII: Methods of Session Tracking XII: respond that it is a "New Session." respond that it is a "New Session."

out.println("New Session.");


Methods of Session Tracking XIII: Respond Methods of Session Tracking XIII: Respond old session and give session infoold session and give session info

out.println("<BR>Session ID: "); out.println(session.getId()); out.println("<BR>Creation Time: "); out.println(new

Date(session.getCreationTime())); out.println("<BR>Last Accessed Time: "); out.println(new

Date(session.getLastAccessedTime())); out.println("<BR>Maximum Inactive Interval

(seconds): ");

out.println(session.getMaxInactiveInterval());


Methods of Session Tracking XIMethods of Session Tracking XIVV: : prepare rest of the HTML response pageprepare rest of the HTML response page

String lifeCycleURL = "/session/servlet/lifeCycle";

//String lifeCycleURL = response.encodeURL("/session/servlet/lifeCycle");

out.print("<BR><A HREF=\"" + lifeCycleURL + "?action=invalidate\">");

out.println("Invalidate the session</A></TD></TR>");

out.print("<BR><A HREF=\"" + lifeCycleURL + "\">");

out.println("Reload this page</A>"); out.println("</BODY></HTML>"); out.close();


State Management: MethodsState Management: MethodsHTTPSession

– Public object getAttribute(String name)– Public Enumeration getAttributeNames(String name)– Public setAttribute(String name, Object attribute)– Public void removeAttribute(String name)

Documents

Class8