Published by Ernest Blake. Modified over 9 years ago.
1
Comp2513
Java Servlets and Sessions
Daniel L. Silver, Ph.D.
2
2001 Daniel L. Silver
Objectives
To review the problem that the HTTP connectionless environment poses for E-Commerce
Solution 1: hidden fields
Solution 2: cookies
Solution 3: session control
Reference: DDEA Ch.7, Sharma p.110-122 and EJP (Ch.4) p.48-63
3
Websphere Java Servlet Request Processing
[Diagram labels: Internet, Browser Client, HTTP Server, Tomcat App. Server, JVM, servlet/HelloWorld, HelloWorld.class, HTML]
Request URL: http://eagle.acadiau.ca/demo/servlet/HelloWorld
demo/servlet/ equates to …/demo/WEB-INF/classes/HelloWorld.class
4
HTTP is Connectionless
The HTTP protocol is connectionless
Knowledge of prior pages visited or, for example, products placed in a shopping cart is easily lost
So how can server applications maintain a sense of a session with a client?
  – hidden fields
  – cookies
  – session control
5
Hidden Fields in HTML
Solution comes from CGI period
Server hides session information within HTML returned to the client
FORM field INPUT type can be set to “hidden”
Field name and value will be returned to the server by the client when the client submits the form request to the server
6
Hidden Fields in HTML
Example: http://eagle.acadiau.ca:8080/danstech/HiddenFields.html
Problems with this method?
  – User can see the hidden info (use source view)
  – Causes a lot of additional HTTP traffic
  – Session info is lost if HTML (that contains hidden fields) is lost
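Because the hidden field travels through the client, the server cannot assume the value it gets back is the value it sent. The following is an added example, not part of the original slides: it attaches an HMAC tag to the hidden-field value so that a changed value is rejected. The class name, method names and the sample cart state are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class SignedHiddenField {
    // Server-side secret; never sent to the client. Generated per run for this demo.
    private static final byte[] KEY = new byte[32];
    static { new SecureRandom().nextBytes(KEY); }

    private static byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // Value the server writes into <input type="hidden" name="cart" value="...">
    static String protect(String state) throws Exception {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return enc.encodeToString(state.getBytes(StandardCharsets.UTF_8))
                + "." + enc.encodeToString(hmac(state));
    }

    // Returns the original state, or null if the submitted field was altered or malformed.
    static String verify(String field) throws Exception {
        String[] parts = field == null ? new String[0] : field.split("\\.");
        if (parts.length != 2) return null;
        try {
            Base64.Decoder dec = Base64.getUrlDecoder();
            String state = new String(dec.decode(parts[0]), StandardCharsets.UTF_8);
            // Constant-time comparison of the expected tag and the submitted tag
            return MessageDigest.isEqual(hmac(state), dec.decode(parts[1])) ? state : null;
        } catch (IllegalArgumentException badBase64) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        String field = protect("item=widget;qty=1;price=9.99");   // constructed sample state
        System.out.println("hidden field value: " + field);
        System.out.println("unmodified -> " + verify(field));
        // The state part is changed on the client while the old tag is kept
        String changed = protect("item=widget;qty=1;price=0.01").split("\\.")[0]
                + "." + field.split("\\.")[1];
        System.out.println("modified   -> " + verify(changed));    // prints null: rejected
    }
}
```

The state is still readable by the user, since it is only Base64-encoded; the tag makes modification detectable, nothing more.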
7
Servlets and Cookies
Solution comes from CGI period but has evolved with Java servlets
Servlets send a small piece of data to the client that gets written to a secure disk area
How does the servlet do this?
    Cookie c = new Cookie(name, value);
    // …
    response.addCookie(c);
So the session data (products placed in the user's shopping cart) can be stored in the cookie
Or simply an ID can be placed in the cookie and the server can maintain the session data
8
Servlets and Cookies
Client browsers will check to see if there is a cookie associated with any request to a server (URL) or a particular server/path … The server can establish the URL specifics:
    Cookie c = new Cookie(name, value);
    c.setDomain("eagle.acadiau.ca");
    c.setPath("/");
Could be more specific if desired … the above is the default
9
Servlets and Cookies
Whenever a new request is sent to the server it checks to see if a cookie is included:
    Cookie[] cookies = request.getCookies();
    // getCookies() returns null when the request carries no cookies
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            Cookie c = cookies[i];
            String name = c.getName();
            String value = c.getValue();
            // …
        }
    }
10
Servlets and Cookies
A cookie is established by the server in the HTTP response header:
    Content-type: text/html
    Set-Cookie: name=value; expires=Sat, 26-Aug-95 15:45:30 GMT; path=/; domain=eagle.acadiau.ca
expires= determines the life of the cookie
expires= a negative value (default), then cookie expires when the browser exits, so it is never written to disk
expires=0 tells the browser to delete the cookie immediately
To set a cookie’s life in seconds use the Cookie method: setMaxAge(int expiry)
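The Set-Cookie header above can be checked mechanically for the attributes that matter when a cookie carries session state. The following is an added example, not part of the original slides: it parses a Set-Cookie value and lists what a reviewer would flag. The class and method names are assumptions, and the second header is a constructed sample for comparison.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

public class SetCookieAudit {
    // Splits a Set-Cookie value into the cookie pair and its lower-cased attributes.
    static Map<String, String> parse(String header) {
        Map<String, String> out = new LinkedHashMap<>();
        String[] parts = header.split(";");
        for (int i = 0; i < parts.length; i++) {
            String p = parts[i].trim();
            if (p.isEmpty()) continue;
            int eq = p.indexOf('=');
            String key = eq < 0 ? p : p.substring(0, eq).trim();
            String val = eq < 0 ? "" : p.substring(eq + 1).trim();
            // First pair is the cookie itself; later pairs are case-insensitive attributes
            out.put(i == 0 ? "cookie:" + key : key.toLowerCase(Locale.ROOT), val);
        }
        return out;
    }

    // Findings for a cookie that is used to carry or identify session state.
    static List<String> audit(String header) {
        Map<String, String> a = parse(header);
        List<String> findings = new ArrayList<>();
        if (!a.containsKey("secure")) findings.add("no Secure: cookie is also sent over plain HTTP");
        if (!a.containsKey("httponly")) findings.add("no HttpOnly: cookie is readable from page script");
        if (!a.containsKey("samesite")) findings.add("no SameSite: cross-site sending left to the browser default");
        if (a.containsKey("expires") || a.containsKey("max-age"))
            findings.add("expires/max-age set: lifetime is fixed by the server, not by browser exit");
        if ("/".equals(a.get("path"))) findings.add("path=/: cookie is sent to every application on the host");
        return findings;
    }

    public static void main(String[] args) {
        String[] headers = {
            // Header value from the slide
            "name=value; expires=Sat, 26-Aug-95 15:45:30 GMT; path=/; domain=eagle.acadiau.ca",
            // Constructed sample with the attributes set
            "JSESSIONID=abc123; Path=/demo; Secure; HttpOnly; SameSite=Lax"
        };
        for (String h : headers) {
            List<String> findings = audit(h);
            System.out.println(h + (findings.isEmpty() ? "\n  (no findings)" : ""));
            for (String f : findings) System.out.println("  - " + f);
        }
    }
}
```

In servlet code the corresponding setters on the Cookie class are setSecure(true) and, from Servlet 3.0 onward, setHttpOnly(true).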
11
Servlets and Cookies
Example 1 – A Session cookie: http://eagle.acadiau.ca:8080/examples/servlets/index.html
  – Full source code http://eagle.acadiau.ca/demo/CookieExample.java
Example 2 – A Persistent Cookie: http://eagle.acadiau.ca/demo/PersistentCookieExample.html
  – Full source code http://eagle.acadiau.ca/demo/PersistentCookieExample.java
Problems with this method?
  – Cookies have limited life (servlet, browser) and size (4k bytes)
  – Maximum number of cookies set by browser
  – User may disable cookie acceptance
  – Can be inefficient in terms of data communications
12
Servlets and Cookies
For more information on cookies see
Netscape's Cookie Specification at http://home.netscape.com/newsref/std/cookie_spec.html
Or RFC 2109 at http://www.ietf.org/rfc/rfc2109.txt
Or http://www.cookiecentral.com
13
Servlets and Sessions
Solution is most commonly used with Java servlets and JSPs
The Servlet JDK comes with an HTTP class that facilitates session management - HttpSession
A session is a connection between a client and server that persists over multiple HTTP requests/responses
14
Servlets and Sessions
A new session is established by using the getSession() method of HttpSession class:
    HttpSession session = req.getSession(true);
If parameter = “true” the servlet engine checks to see if a session already exists; if so a handle is returned, otherwise a new session is created
Therefore, more than one servlet can participate in a session
Cookies are used to identify a session on the client
15
Servlets and Sessions
Session objects contain various information:
    HttpSession session = request.getSession();
    out.println(rb.getString("sessions.id") + " " + session.getId());
    out.println(" ");
    // NOTE: rb is a resource bundle class – replace rb.getString() with ASCII text for your own purposes
    out.println(rb.getString("sessions.created") + " ");
    out.println(new Date(session.getCreationTime()) + " ");
    out.println(rb.getString("sessions.lastaccessed") + " ");
    out.println(new Date(session.getLastAccessedTime()));
16
Servlets and Sessions
Data stored as attribute-value pairs
Three key HttpSession methods:
  – setAttribute(dataName, dataValue)
  – getAttributeNames(), getAttribute(dataName)
Examples:
    String dataName = request.getParameter("dataname");
    String dataValue = request.getParameter("datavalue");
    if (dataName != null && dataValue != null) {
        session.setAttribute(dataName, dataValue);
    }
    Enumeration names = session.getAttributeNames();
    while (names.hasMoreElements()) {
        String name = (String) names.nextElement();
        String value = session.getAttribute(name).toString();
        // name and value come from request parameters: HTML-escape them before writing them into a page
        out.println(name + " = " + value + " ");
    }
17
Servlets and Sessions
Example: http://eagle.acadiau.ca:8080/examples/servlets/index.html
  – Full source code http://eagle.acadiau.ca/demo/SessionExample.java
Problems with this method?
  – Normally, HttpSession terminates when browser is closed
  – You may wish to have a business session (shopping tour) extend beyond browser closures
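The cookie slides note that only an ID can be placed in the cookie while the server keeps the session data, and the session slides describe getSession(true) returning an existing session or creating a new one. The following is an added example, not part of the original slides and not the servlet container's own code: a simplified model of that server-side store. The class name, the 30-minute idle limit and the sample values are assumptions.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class SessionStore {
    static final class Session {
        final String id;
        final Map<String, Object> attributes = new ConcurrentHashMap<>();
        volatile long lastAccessed;
        Session(String id, long now) { this.id = id; this.lastAccessed = now; }
    }

    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final long maxIdleMillis;
    SessionStore(long maxIdleMillis) { this.maxIdleMillis = maxIdleMillis; }

    // 128 random bits: the ID is all the client holds, so it must be unguessable.
    private String newId() {
        byte[] b = new byte[16];
        random.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    // Same contract as getSession(true): reuse a live session for this ID, otherwise create one.
    Session getSession(String idFromCookie, long now) {
        Session s = idFromCookie == null ? null : sessions.get(idFromCookie);
        // Idle too long: discard the server-side data
        if (s != null && now - s.lastAccessed > maxIdleMillis) { sessions.remove(s.id); s = null; }
        if (s == null) {   // missing, unknown or expired ID: issue a new one, never adopt the client's value
            s = new Session(newId(), now);
            sessions.put(s.id, s);
        }
        s.lastAccessed = now;
        return s;
    }

    public static void main(String[] args) {
        SessionStore store = new SessionStore(30 * 60 * 1000L);    // 30-minute idle limit (assumed)
        Session first = store.getSession(null, 0L);                // request without a cookie
        first.attributes.put("cart", "widget x1");                 // constructed sample data
        Session second = store.getSession(first.id, 60_000L);      // next request sends the ID back
        System.out.println("same session: " + (first == second) + ", cart=" + second.attributes.get("cart"));
        Session unknown = store.getSession("made-up-id", 61_000L); // ID the server never issued
        System.out.println("made-up ID replaced: " + !unknown.id.equals("made-up-id"));
        Session late = store.getSession(first.id, 60_000L + 31 * 60 * 1000L);
        System.out.println("after idle timeout: new=" + (late != first) + ", cart=" + late.attributes.get("cart"));
    }
}
```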
18
THE END danny.silver@acadiau.ca