Adv Java[Servlet: Session Management]

♠ Posted by Unknown in Adv Java at 07:20

Servlet Session Management

HTTP is a “sessionless” protorcol, so you cannot tell from one server hit to another if you’ve got the same person repeatedly querying your site. Or if it is a completely different person. A great deal of effort has gone into mechanisms that will allow Web developers to track sessions. Companies could not do e-commerce without keeping track of a client and the items they have put into their shopping cart, for example.

There are several methods of session tracking. But the most common methods is with persistent “cookies”. Which are an integral part of the Internet standards. The HTTP working group of the Internet Engineering Task Force has written cookies into the official standard in RFC 2109.

A cookies is nothing more than a small piece of information sent by the Web server to a browser. The browser store the cookies on the local disk, and whenever another call is made to the URL that the cookie is associated with, the cookie is quitely sent along with the call, thus providing the desired information back to that server. Clients can, however, turn off the browser’s ability to accept cookies. If your site must track a client who has turned off cookies, then another method of session tracking must be incorporated by hand, since the session tracking capabilities built into the servlet API are designed around cookies.

The Cookie class :

The Servlet API provides the Cookie class. This class incorporates all the HTTP header details and allows the setting of various cookie attributes. Using the cookie is simply a matter of adding it to the response object. the constructor takes a cookie name as the first argument and a value as the second. Cookies are added to the response object before you send any content.

            Cookie oreo = new Cookie(“TIJava”,”2000”);

            Res.addCookie(cookie);

Cookies are recovered by calling the getCookies() method of the HttpServletRequest object, which returns an array of cookie objects,

            Cookie[] cookies = req.getCookies();

You can then call getValue() for each cookie, to produce a String containing the cookie contents. In the above example, getValue(“ITJava”) will produce a String containing “2000”.

The Session class :

A session is one or more page requests by a client to a Web site during a defined period of time. If you buy groceries online, for example, you want a session to be confined to the period from when you first add an item to “my shopping cart” to the point where you check out. Each item you add to the shopping cart will result in a new HTTP connection, which has no knowledge of previous connections or items in the shopping cart. To compensate for this lack of information, the mechanics supplied by the cookie specification allow your servlet to perform session tracking.

A servlet Session object lives on the server side of the communication channel, its goal is to capture useful data about this client as the client moves through and interacts with your Web sites. This data may be pertinent for the present session, such as items in the shopping cart, or it may be data such as authentication information that was entered when the client first entered your Web site, and which should not have to be reentered during a particular set of transactions.

The Session class of the servlet API uses the Cookie class to do its work. However, all the Session object needs is some kind of unique identifier stored on the client and passed to the server. Web sites may also use the other types of session tracking but these mechanisms will be more difficult to implement as they are not encapsulated into the servlet API.