Distributed Web Systems Cookies and Session Tracking Lecturer Department University.

Presentation on theme: "Distributed Web Systems Cookies and Session Tracking Lecturer Department University."— Presentation transcript:

1 Distributed Web Systems Cookies and Session Tracking Lecturer Department University

2 Outline
Cookies
Session tracking
Data sharing between servlets

3 Need for cookies
Consider an on-line shopping scenario:
[Diagram: User’s PC sends three separate requests to the Web server: choose 1st product, choose 2nd product, checkout]
But HTTP is a connection-less protocol!
–Once a page is downloaded, the connection between the browser and the web server is closed
–Any subsequent request will look new to the web server
–How can we make the web server recognise requests from the same user?

4 Cookies let you do that!
Small bits of textual information:
–Web server can send them to browser to store on the client side
–The browser later returns this information unchanged when visiting the same Web site
[Diagram: www.site.com hands the User’s PC a cookie ("Keep this for me please!"); the browser stores it in a website/cookie table (www.site.com: blah); on the next visit the User’s PC returns the cookie to www.site.com ("You left this here last time")]

5 Example uses
Identifying the user for e-commerce transactions
Remembering user name, password (bad idea, actually)
Remembering user preferences to customize websites
Remembering what user did last time on this website (e.g. for targeted advertising etc)

6 Problems with cookies
Privacy!
[Diagram: banner ads, search engine, on-line shop]
–Leave a cookie with information about the use of the search engine
–Read the cookie – learn about user’s browsing patterns for another site (search engine)

7 Sending cookies in servlets
Create a Cookie object:
–Cookie cookie = new Cookie("name", "value");
Set maximum age of the cookie:
–We need to tell the client’s browser how long it should keep the cookie for
–cookie.setMaxAge(60*60*24*7); // time in seconds (a week here)
Place cookie into HTTP response headers:
–response.addCookie(cookie);
–This adds the “Cookie” header to the response

8 Reading cookies from client
Call request.getCookies():
–Returns an array of Cookie objects – all cookies for this website stored on the client
Loop down the array, calling getName() on each Cookie until you find the cookie of interest (i.e. the cookie set by your servlet):

    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            if (cookies[i].getName().equals("MyCookie")) {
                // do something with the cookie
            }
        }
    }

9 Persistent vs Session Cookies
Persistent cookie:
–Stored on disk – available even after the browser application is closed and restarted
Session cookie:
–Stored in the browser’s memory. Once you close the browser application, the cookie is lost.
Unless you use setMaxAge(), your cookies will be created as session cookies.
Apart from name and age, cookies have some other interesting attributes (please see Core Servlets & JSP for details).
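
Slides 7 to 9 put together as an added example (not part of the original slides): a servlet that keeps a display preference in a persistent cookie, sets the path, HttpOnly and Secure attributes, and accepts the returned value only if it is on a known list, since the browser can send back anything. The class name, cookie name and allowed values are assumptions; it compiles against the javax.servlet API (Servlet 3.0 or later).

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: remembers a display theme in a persistent cookie.
public class ThemeServlet extends HttpServlet {
    private static final String COOKIE_NAME = "theme";          // assumed cookie name
    private static final Set<String> ALLOWED =
            new HashSet<>(Arrays.asList("light", "dark"));      // assumed values
    private static final String DEFAULT_THEME = "light";

    // Cookie values come from the client, so only known values are accepted.
    static String themeFrom(Cookie[] cookies) {
        if (cookies == null) {              // getCookies() returns null when none were sent
            return DEFAULT_THEME;
        }
        for (Cookie c : cookies) {
            if (COOKIE_NAME.equals(c.getName()) && ALLOWED.contains(c.getValue())) {
                return c.getValue();
            }
        }
        return DEFAULT_THEME;
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String requested = request.getParameter("theme");
        String theme = ALLOWED.contains(requested) ? requested
                                                   : themeFrom(request.getCookies());

        Cookie cookie = new Cookie(COOKIE_NAME, theme);
        cookie.setMaxAge(60 * 60 * 24 * 7);              // seconds: persistent for one week
        cookie.setPath(request.getContextPath() + "/");  // returned to this application only
        cookie.setHttpOnly(true);                        // hidden from page scripts
        cookie.setSecure(request.isSecure());            // HTTPS-only when served over HTTPS
        response.addCookie(cookie);   // sent as a Set-Cookie header, before any body output

        response.setContentType("text/plain");
        response.getWriter().println("theme=" + theme);
    }
}
```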

10 Session tracking
Recall the problem we started with:
–Need to realise on the web server that a set of separate HTTP requests actually belongs to the same interaction session between user and application.
In general, three possible approaches:
–Cookies
–URL rewriting
–Hidden form fields
[Diagram: User’s PC sends three separate requests to the Web server: choose 1st product, choose 2nd product, checkout]

11 Session tracking (contd.)
URL rewriting:
–Append some extra data to the end of each URL (e.g. http://www.site.com/page.html;session=1234)
–Problem 1: since the session ID changes, need to generate ALL pages dynamically (inconvenient)
–Problem 2: if user leaves website and then comes back via a bookmark, session information can be lost
Hidden form fields:
–Have hidden entries in forms:
–Problem: every page has to be generated dynamically but also ONLY by a form submission

12 What to do with session ID?
Ok, you got your session ID (one way or another), what to do with it on the server?
–Need to have some sort of a hash table that links the ID with the associated session data
–Need to determine idle sessions and delete expired IDs
–Need to generate unique IDs for new sessions
[Diagram: a request from the User’s PC reaches www.site.com, where an ID/Data table (rows 5678..., 1234...) is consulted during processing]
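
The three server-side tasks from slide 12, as an added example in plain Java (not part of the original slides; a servlet container does this for you). The class and method names and the 30-minute idle limit are assumptions, and the clock is passed in so the expiry logic can be exercised with constructed times.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Illustrative session table (hypothetical class; a servlet container does this for you).
public class SessionStore {
    static final long MAX_IDLE_MILLIS = 30 * 60 * 1000L;   // assumed 30-minute idle limit
    private final SecureRandom random = new SecureRandom();
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();

    static final class Session {
        final Map<String, Object> data = new ConcurrentHashMap<>();
        volatile long lastAccess;
        Session(long now) { lastAccess = now; }
    }

    // IDs must be unguessable, not merely unique: 128 random bits as URL-safe text.
    public String create(long now) {
        byte[] raw = new byte[16];
        while (true) {
            random.nextBytes(raw);
            String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            if (sessions.putIfAbsent(id, new Session(now)) == null) return id;
        }
    }

    // Session for a client-supplied ID, or null if the ID is unknown or idle too long.
    public Session lookup(String id, long now) {
        Session s = (id == null) ? null : sessions.get(id);
        if (s == null) return null;
        if (now - s.lastAccess > MAX_IDLE_MILLIS) { sessions.remove(id); return null; }
        s.lastAccess = now;
        return s;
    }

    // Periodic sweep so abandoned sessions do not pile up in memory.
    public void purgeExpired(long now) {
        sessions.values().removeIf(s -> now - s.lastAccess > MAX_IDLE_MILLIS);
    }

    public static void main(String[] args) {               // constructed clock values (ms)
        SessionStore store = new SessionStore();
        String id = store.create(0);
        store.lookup(id, 0).data.put("basket", "1st product");
        System.out.println(store.lookup(id, 60_000L).data);           // active after 1 minute
        System.out.println(store.lookup(id, 32 * 60_000L) == null);   // then idle for 31 minutes
        System.out.println(store.lookup("1234", 0) == null);          // guessed ID is unknown
    }
}
```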

13 Session tracking in servlets
Fortunately, servlets and servlet containers already implement this functionality – providing you with the HttpSession object

    // Get the session associated with current request
    HttpSession s = request.getSession();
    // read-write session data

[Diagram: the User’s PC sends its session ID; the Servlet container holds the ID/Data table (rows 5678..., 1234...) and gives the Servlet the matching HttpSession]

14 Session tracking in servlets (cont.)
What if the user’s request does not have session ID (e.g. it’s the first user’s visit)?

    // Get the session associated with current request
    HttpSession s = request.getSession();
    // write session data

[Diagram: the request from the User’s PC carries NO session ID; the Servlet container creates a new entry (1021) in its ID/Data table next to 5678... and 1234..., and sends back a cookie with the ID]
Because this may need to send cookies back, it must be called before sending any document content!!!

15 Session tracking in servlets (contd.)
What if I do not want to create a new session when none exists?
–E.g. my page needs data from a previous page and will not work correctly otherwise?
Use getSession(false)
–Returns the current session if one exists
–or null otherwise

16 Reading/writing session data
session.getAttribute("name")
–Get information (object) associated with attribute
session.getAttributeNames()
–Get names of all attributes in the session
session.setAttribute("name", Object value)
–Store information (object) in the session (replaces the previous value for this attribute if any)
session.removeAttribute("name")
–Remove attribute from the session
session.invalidate()
–Invalidate all session data (=forget all objects associated with the session and remove the session itself)
–Use with caution!

17 Browser vs Server sessions
By default, session-tracking is based on cookies that are stored in the browser’s memory (session cookies)
–When user restarts the browser – the session is lost
–But what about the session data on the server?
–Use the expire-upon-inactivity mechanism!
[Diagram: the User’s PC holds the session ID; www.site.com holds the session data]
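
How getSession(false), invalidate() and the inactivity timeout from slides 14 to 17 fit together at login and logout, as an added example (not part of the original slides): the pre-login session is discarded so that a session ID issued before authentication is never reused afterwards. The servlet name, URL paths, attribute names, the Authenticator interface and the 15-minute timeout are assumptions; it compiles against the javax.servlet API.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet mapped to /login and /logout. Authenticator is an assumed
// application interface; an instance is expected in the ServletContext at startup.
public class AccountServlet extends HttpServlet {
    public interface Authenticator { boolean verify(String user, String password); }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // getSession(false): never create a session just to inspect or destroy it.
        HttpSession existing = request.getSession(false);

        if (request.getServletPath().endsWith("/logout")) {
            if (existing != null) existing.invalidate();   // forget data and ID on the server
            response.sendRedirect(request.getContextPath() + "/");
            return;
        }

        Authenticator auth =
                (Authenticator) getServletContext().getAttribute("authenticator");
        String user = request.getParameter("user");
        if (auth == null || !auth.verify(user, request.getParameter("password"))) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Discard the pre-login session so an ID known before authentication
        // never becomes the ID of a logged-in session, then start a fresh one.
        if (existing != null) existing.invalidate();
        HttpSession session = request.getSession(true);    // must run before any output
        session.setAttribute("user", user);
        session.setMaxInactiveInterval(15 * 60);            // idle timeout in seconds
        response.sendRedirect(request.getContextPath() + "/basket");  // assumed page
    }
}
```

Invalidating the pre-login session also discards its data, so anything that must survive login (a basket, for instance) has to be copied into the new session explicitly.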

18 Servlet context
What if we want to store data that are not specific to a particular user and that we want to be accessible by all servlets in our application?
ServletContext object is the place!
–getServletContext() -- returns the ServletContext object
–Data access is the same as for the Session object
–Data are stored for as long as your application is running (restarting application or the servlet container deletes the data)

    ServletContext c = getServletContext();
    // read-write application data

[Diagram: the Servlet obtains the ServletContext from the Servlet container]

19 Data sharing summary
Storing method | Data shared between | Data lost when
Servlet instance variables | All requests to this particular servlet from any user | Servlet is destroyed
HttpSession | All requests from this particular user to any servlet in the application | User’s browser is restarted or server session expires/is invalidated
ServletContext | All requests from any user to any servlet in this application | The application is restarted

20 Summary
Session tracking is used to provide a stateful interaction between a user and a web server via the stateless HTTP protocol
Data stored on the server, session ID on the client
–Cookies, URL rewriting, Hidden form fields
Servlet context can be used for sharing data between servlets
Questions

