Session Tracking - 2 Lec 32

Session Tracking - 2 Lec 32. Last Lecture Review Session Tracking – why? Need to store state – typical solutions Cookies – already learned URL Rewriting


Last Lecture Review

- Session Tracking – why?
- Need to store state – typical solutions
  - Cookies – already learned
  - URL Rewriting
  - Hidden Form Fields

Session Tracking

[Diagram, four slides. Labels: Amazon, Servlet Container. Credit: cs193i at Stanford]

1. Request. Session ID = 123XYZ; Shopping Cart sc[item 1=324]
2. Response: Set-Cookie: sid=123XYZ. Session ID = 123XYZ; Shopping Cart sc[item 1=324]
3. Request: Set-Cookie: sid=123XYZ. Session ID = 123XYZ; Shopping Cart sc[item 1=324]
4. Request: Set-Cookie: sid=123XYZ. Session ID = 123XYZ; Shopping Cart sc[item 1=324 item 2=115]

URL Rewriting

- We can pass extra information to the client by rewriting URLs (appending information to the URL).
- The extra information can be in the form of:
  - Extra path information,
  - Added parameters, or
  - Some custom, server-specific URL change
- Due to the limited space available in rewriting a URL, the extra information is usually limited to a unique session ID.

URL Rewriting: Examples

For example, the following URLs have been rewritten to pass the session id 123:

- Original: http://server:port/servlet/rewrite
- Extra path information: http://server:port/servlet/rewrite/123
- Added parameter: http://server:port/servlet/rewrite?id=123
- Custom change: http://server:port/servlet/rewrite;$id$123

URL Rewriting: Disadvantages

- What if the user bookmarks the page?
- Every URL on a page which needs the session information must be rewritten each time the page is served
  - Computationally expensive
  - Can increase communication overhead
- State stored in URLs is not persistent
- Limits the client's interaction with the server to HTTP GET requests

Hidden Form Fields

    <input type="hidden" name="sessionid" value="123">

Java's Solution for Session Tracking

HttpSession API

Using HttpSession

1. To get the user's session object

- Call the getSession() method of the HttpServletRequest class
- Pass false to the getSession() method:

    HttpSession ses = request.getSession(false);

  If no current session exists, you will get a null object.
- If true is passed to the getSession() method, for example:

    HttpSession ses = request.getSession(true);

  If the user already has a session, the existing session is returned. If no session exists, a new one is created and returned.

2. Storing information in a session

- Session objects work like a HashMap
  - A HashMap is able to store any type of Java object
- You can therefore store any number of keys and their values
- For example, with "id" as the key and "123" as the value:

    ses.setAttribute("id", "123");

3. Looking up information associated with a session

    String sID = (String) ses.getAttribute("id");

- getAttribute() returns an Object type, so you will need to perform a type cast

4. Terminating a session

- Automatic: after a set amount of inactive time the session is terminated automatically (see getMaxInactiveInterval())
- Manual:

    ses.invalidate();

Example Code: Showing Session Information

Encoding URLs Sent to Client

HttpServletResponse provides two methods to perform encoding:

1. String encodeURL(String URL)
2. String encodeRedirectURL(String URL)

- If cookies are disabled: both methods encode (rewrite) the specified URL to include the session ID and return the new URL
- If cookies are enabled: both return the URL unchanged

Encoding URLs Sent to Client (cont.)

1. String encodeURL(String URL)

For example:

    String URL = "/servlet/sessiontracker";
    String eURL = response.encodeURL(URL);
    out.println("<A HREF=\"" + eURL + "\">...</A>");

2. String encodeRedirectURL(String URL)

For example:

    String URL = "/servlet/sessiontracker";
    String eURL = response.encodeRedirectURL(URL);
    response.sendRedirect(eURL);

Example Code: Online Book Store