SE-2840 Dr. Mark L. Hornick1 Servlet Threads and Sessions.

Slides:

Advertisements

Similar presentations

Chapter 6 Server-side Programming: Java Servlets

Advertisements

Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 10 Servlets and Java Server Pages.

Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.

Technology Overview JAVA Servlets CS-611 S. Witherspoon.

Servlets and a little bit of Web Services Russell Beale.

Liang, Introduction to Java Programming, Sixth Edition, (c) 2005 Pearson Education, Inc. All rights reserved Chapter 34 Servlets.

XP Tutorial 9 New Perspectives on JavaScript, Comprehensive1 Working with Cookies Managing Data in a Web Site Using JavaScript Cookies.

Comp2513 Java Servlet Basics Daniel L. Silver, Ph.D.

Session Management A290/A590, Fall /25/2014.

Chapter 4 Servlets Concept of Servlets (What, Why, and How) Servlet API Third-party tools to run servlets Examples of Using Servlets HTML tag with GET.

SE-2840 Dr. Mark L. Hornick1 Java Servlet-based web apps Servlet Architecture.

HTTP HyperText Transfer Protocol Stateless request/response client-server protocol Requests: Method: GET, POST, HEAD, TRACE, OPTIONS, PUT, DELETE.

Java Servlets. What Are Servlets? Basically, a java program that runs on the server Basically, a java program that runs on the server Creates dynamic.

Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.

Java Server Pages B.Ramamurthy. Topics for Discussion 8/20/20152 Inheritance and Polymorphism Develop an example for inheritance and polymorphism JSP.

1 Lecture 10 Server-side Programming: Java Servlets.

Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.

CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.

IT533 Lectures Session Management in ASP.NET. Session Tracking 2 Personalization Personalization makes it possible for e-businesses to communicate effectively.

Servlets Pranav Maydeo. What is a Servlet ? Servlets are modules of Java code that run in a server application to answer client requests. Servlets are.

Web application architecture

Advanced Web Forms with Databases Programming Right from the Start with Visual Basic.NET 1/e 13.

Working with Cookies Managing Data in a Web Site Using JavaScript Cookies* *Check and comply with the current legislation regarding handling cookies.

CSE 154 LECTURE 12: COOKIES. Including files: include include("filename"); PHP include("header.html"); include("shared-code.php"); PHP inserts the entire.

COMP 321 Week 7. Overview HTML and HTTP Basics Dynamic Web Content ServletsMVC Tomcat in Eclipse Demonstration Lab 7-1 Introduction.

Chapter 5 Being a Web App. Very few servlet or JSP stands alone Many times in our application, different servlets or JSPs need to share information 

CS-4220 Dr. Mark L. Hornick1 Servlet configuration and deployment.

Web Programming Language Week 7 Dr. Ken Cosh Security, Sessions & Cookies.

Session tracking There are a number of problems that arise from the fact that HTTP is a "stateless" protocol. In particular, when you are doing on- line.

Lecture 8 – Cookies & Sessions SFDV3011 – Advanced Web Development 1.

1 Maryland ColdFusion User Group Session Management December 2001 Michael Schuler

Java Servlets & Java Server Pages Lecture July 2013.

Chapter 6 Server-side Programming: Java Servlets

Cookies Web Browser and Server use HTTP protocol to communicate and HTTP is a stateless protocol. But for a commercial website it is required to maintain.

Cookies & Session Web Technology

® IBM Software Group © 2007 IBM Corporation Best Practices for Session Management

Server-side Programming The combination of –HTML –JavaScript –DOM is sometimes referred to as Dynamic HTML (DHTML) Web pages that include scripting are.

ASP.Net, Web Forms and Web Controls 1 Outline Session Tracking Cookies Session Tracking with HttpSessionState.

Operating Systems Lesson 12. HTTP vs HTML HTML: hypertext markup language ◦ Definitions of tags that are added to Web documents to control their appearance.

1 Java Servlets l Servlets : programs that run within the context of a server, analogous to applets that run within the context of a browser. l Used to.

CSI 3125, Preliminaries, page 1 SERVLET. CSI 3125, Preliminaries, page 2 SERVLET A servlet is a server-side software program, Responds oriented other.

1 Introduction to Servlets. Topics Web Applications and the Java Server. HTTP protocol. Servlets 2.

JS (Java Servlets). Internet evolution [1] The internet Internet started of as a static content dispersal and delivery mechanism, where files residing.

Introduction to Servlets Allen Day. Notes This is a training NOT a presentation Please ask questions Prerequisites.

CSI 3125, Preliminaries, page 1 SERVLET. CSI 3125, Preliminaries, page 2 SERVLET A servlet is a server-side software program, written in Java code, that.

SE-2840 Dr. Mark L. Hornick 1 Introduction to Ajax Asynchronous Javascript And XML.

1 State and Session Management HTTP is a stateless protocol – it has no memory of prior connections and cannot distinguish one request from another. The.

©SoftMooreSlide 1 Session Tracking with Servlets.

ITM © Port,Kazman 1 ITM 352 Cookies. ITM © Port,Kazman 2 Problem… r How do you identify a particular user when they visit your site (or any.

©SoftMooreSlide 1 Cookies. ©SoftMooreSlide 2 Cookies Basic idea –web application sends a simple name/value pair to the client –when the client connects.

Java Programming: Advanced Topics 1 Building Web Applications Chapter 13.

Chapter 4 Request and Response. Servlets are controlled by the container.

8-Mar-16 More About Servlets Session Tracking. Persistent information A server site typically needs to maintain two kinds of persistent (remembered) information:

Distributed Web Systems Cookies and Session Tracking Lecturer Department University.

111 State Management Beginning ASP.NET in C# and VB Chapter 4 Pages

Fundamentals of Web DevelopmentRandy Connolly and Ricardo HoarFundamentals of Web DevelopmentRandy Connolly and Ricardo Hoar Fundamentals of Web DevelopmentRandy.

CS-4220 Dr. Mark L. Hornick1 Single class doing too many things =Bad Code Smell.

Cookies Tutorial Cavisson Systems Inc..

Servlet Sessions and Cookies

Net-centric Computing

Chapter 6 Server-side Programming: Java Servlets

What is Cookie? Cookie is small information stored in text file on user’s hard drive by web server. This information is later used by web browser to retrieve.

Chapter 26 Servlets.

CS320 Web and Internet Programming Cookies and Session Tracking

Handling State in Web Applications

Servlet APIs Every servlet must implement javax.servlet.Servlet interface Most servlets implement the interface by extending one of these classes javax.servlet.GenericServlet.

CS3220 Web and Internet Programming Cookies and Session Tracking

CSc 337 Lecture 27: Cookies.

CS3220 Web and Internet Programming Cookies and Session Tracking

CSc 337 Lecture 25: Cookies.

Presentation transcript:

SE-2840 Dr. Mark L. Hornick1 Servlet Threads and Sessions

SE-2840 Dr. Mark L. Hornick2 Servlet execution What are some ramifications of running each doGet() or doPost() on a separate thread??

What can happen here? SE-2840 Dr. Mark L. Hornick3 User 1 User 1 hits Submit on a form page. Thread 19 User 2 Thread 20 Data store User 2 hits Submit on the same form page at about the same time. service(request, response) Assume the Datastore is managed via a Servlet-owned reference.

Multithreading is a fact of a Servlet’s life The only code objects that are thread-safe are the ones that are stack-based (or readonly): HttpServletRequest object HttpServletResponse object Local Servlet method variables Servlet class/instance constants These are NOT thread-safe: Servlet class attribute variables ServletConfig object ServletContext object SE-2840 Dr. Mark L. Hornick4 These first three are unique to each thread. Reading is thread-safe These are objects are shared among threads.

Are any of the following good approaches to avoid threading problems? 1. Synchronize a Servlet’s service methods Let only a single thread at a time execute doGet(), doPost(), etc 2. Synchronize a block of code within a method Let only a single thread at a time execute critical sections. 3. Synchronize on the ServletConfig object Let only a single thread at a time access any Servlet-specific data 4. Synchronize on the ServletContext object Let only a single thread at a time access any Context-specific (that is, web application-specific) data SE-2840 Dr. Mark L. Hornick5

A related problem: If we use a Servlet’s attributes to store data, only that Servlet can access the data SE-2840 Dr. Mark L. Hornick6 Thread 19 Thread 20 Data store service(request, response) What if we wanted a different Servlet to generate the response, in order to separate class responsibilities and improve cohesion? And what happens if our Servlet is used in another web app on the same server???

Using ServletContext to store data would make it accessible to all Servlets in the web app. SE-2840 Dr. Mark L. Hornick7 Note: This diagram can be found in your textbook The ServletContext is initialized by Tomcat before any Servlet is initialized.

We know we can use the DD to create ServletContext String parameters…... MyServlet myPackage.MyServlet Some other servlet’s defn goes here... lab1_version SE-2840 Dr. Mark L. Hornick8 But what if we want to initialize something more complex?

ServletContext: Parameters vs. Attributes Parameters are init’d in the DD Parameters are name/value pairs, where the value is a String Parameters are readonly Attributes can be created/modified by code Attributes are name/value pairs, where the value is an Object Attributes are read/write CS-4220 Dr. Mark L. Hornick9

We need a way to initialize a complex ServletContext attribute before any Servlets are initialized Solution: Use a class that implements the ServletContextListener interface SE-2840 Dr. Mark L. Hornick10 This is one of 8 different Listeners The event class

The contextInitialized() event handler is called by Tomcat at startup In the contextInitialized() method, we can create a ServletContext attribute that is a complex datatype: public void contextInitialized(ServletContextEvent e) { ServletContext context = e.getServletContext(); context.setAttribute(“foo”, new MyComplexType() ); } // later, any Servlet will be able to access MyComplexType via a call to getServletContext().getAttribute(“foo”); SE-2840 Dr. Mark L. Hornick11

We need to register ServletContextListeners with Tomcat in the DD:... MyServlet test.HelloWorldServlet Some other servlet’s defn goes here... myPackage.MyContextListener </listener... SE-2840 Dr. Mark L. Hornick12

Finally…thread-safe data accessed as a ServletContext attribute All users sharing the same object maintained by the ServletContext… Is this really what we want?? SE-2840 Dr. Mark L. Hornick13

By default, Servlets have no memory of who makes a request The HTTP protocol is stateless, meaning it does not keep track of ongoing request/response messages. Each HTTP request/response is independent of any other request/response SE-2840 Dr. Mark L. Hornick14 ?

SE-2840 Dr. Mark L. Hornick 15 Stateless Pro/Con Good for browsing and hyperlinking pages in any order without regard to past history No HTTP overhead in maintaining state Bad for applications that require complex user interaction between web pages The web application may want/need to know what page you’ve visited previous to the current page What you’ve done on previous visits

SE-2840 Dr. Mark L. Hornick 16 A web server can ask a browser to set/read/send Cookies as part of the HTTP header Web Browser Web Server HTTP request: “give me a page” HTTP response: “OK, and BTW, store this Cookie”

A Cookie is a small amount of information that can be used to implement state As a web site developer, you can store information you gather from a user on the file system of the user’s PC as a Cookie Previous date of web site access Login status... SE-2840 Dr. Mark L. Hornick 17 Web Browser Cookie information

A Cookie has various properties name – the cookie name value – the value of the cookie expires – the date the cookie expires path – path in domain in which cookie is visible domain – domain the cookie is visible to secure – cookie is only available over secure connections httponly – cookie is only available via HTTP SE-2840 Dr. Mark L. Hornick 18

SE-2840 Dr. Mark L. Hornick 19 On subsequent visits, the web server can retrieve the Cookies via the HTTP header Web Browser Web Server HTTP request: “give me that page again” HTTP response: “OK, give me that Cookie you stored last time so I can customize the page”

SE-2840 Dr. Mark L. Hornick 20 Session Protocol User's browser is given a session ID by the server Tomcat does this automatically Cookie expiration is usually very short; sometimes longer ID is included in subsequent HTTP exchanges with the server “subsequent” can be even weeks later (usually not) Server uses received session ID to locate/ retrieve corresponding session data/variables Session variables kept on server for efficiency and security Persist somewhere on the server filesystem or server db

Application Session lifetime can be adjusted... HelloWorld test.HelloWorldServlet Some other servlet’s defn goes here SE-2840 Dr. Mark L. Hornick21

Tomcat handles session management for Servlets SE-2840 Dr. Mark L. Hornick22 A reference to an HTTPServletRequest is created by the Container and passed to the doGet() and doPost() methods of an HTTPServlet. Session references are retrieved from the Request object. Note: You can look at Cookie objects via request.getCookies(), and set your own Cookie objects via response.addCookie()

This is what we really want SE-2840 Dr. Mark L. Hornick23 User 1 User 1 hits Submit on a form page. Thread 19 User 2 Thread 20 Data store User 2 hits Submit on the same form page at about the same time. service(request, response) Each user gets a separate session object which can be used to manage separate data stores. Data store User1 session User2 session