230 likes | 438 Views
Session Tracking - 2. Lec 32. Last Lecture Review. Session Tracking – why? Need to store state – typical solutions Cookies – already learned URL Rewriting Hidden Form Fields. Session Tracking. Session ID = 123XYZ Shopping Cart sc [item 1=324]. Request. Amazon. Servlet Container.
E N D
Session Tracking - 2 Lec 32
Last Lecture Review • Session Tracking – why? • Need to store state – typical solutions • Cookies – already learned • URL Rewriting • Hidden Form Fields
Session Tracking Session ID = 123XYZ Shopping Cart sc [item 1=324] Request Amazon ServletContainer Credit: cs193i at Standford
Session Tracking Session ID = 123XYZ Shopping Cart sc [item 1=324] Amazon Response: Set-Cookie: sid=123XYZ Servlet Container Credit: cs193i at Standford
Session Tracking Request: Set-Cookie: sid=123XYZ Session ID = 123XYZ Shopping Cart sc [item 1=324] Amazon ServletContainer Credit: cs193i at Standford
Session Tracking Request: Set-Cookie: sid=123XYZ Session ID = 123XYZ Shopping Cart sc [item 1=324 item 2=115] Amazon ServletContainer Credit: cs193i at Standford
URL Rewriting • We can pass extra information to client by rewriting URLs. (appending info with URL) • The extra information can be in the form of • Extra path information, • Added parameters, or • Some custom, server-specific URL change • Due to limited space available in rewriting a URL, the extra information is usually limited to a unique session ID
URL Rewriting: Examples • For example, the following URLs have been rewritten to pass the session id 123 • Original http://server:port/servlet/rewrite • Extra path information http://server:port/servlet/rewrite/123 • Added parameter http://server:port/servlet/rewrite?id=123 • Custom change http://server:port/servlet/rewrite;$id$123
URL Rewriting: Disadvantages • What if the user bookmarks the page? • Every URL on a page which needs the session information must be rewritten each time page is served • Computationally expensive • Can increase communication overhead • State stored in URLs is not persistent • Limits the client’s interaction with the server to HTTP GET request
Hidden Form Fields • <input type=“hidden” name=“sessionid” value=“123”>
Java’s Solution forSession Tracking HttpSession API
Using HttpSession • To get the user’s session object • Call getSession( ) method of HTTPServletRequest class • pass false to the getSession() method HttpSession ses = request.getSession(false); • If no current session exists: • You will get a null object
Using HttpSession cont. • To get the user’s session object (cont.) • If true is passed to the getSession() method then • If user already has a session • the existing session is returned • For example: HttpSession ses = request.getSession(true); • If no session exists • a new one is created and returned
Using HttpSession cont. • Storing information in a session • Session objects works like a HashMap • HashMap is able to store any type of java object • You can therefore store any number of keys and their values • For example ses.setAttribute(“id”, “123”); key Value
Using HttpSession cont. • Looking up information associated with a session String sID = (String)ses.getAttribute(“id”); returns an Object type, so you will need to perform a type cast
Using HttpSession cont. • Terminating session • Automatic • After the amount of time session gets terminated automatically( getMaxInactiveInterval( ) ) • Manual ses.invalidate();
Example Code Showing Session Information
Encoding URLs Sent to Client • HttpServletResponse provides two methods to perform encoding • String encodeURL(String URL) • String encodeRedirectURL(String URL) • If Cookies disabled • Both methods encodes (rewrites) the specified URL to include the session ID and returns the new URL • If Cookies enabled • Returns the URL unchanged
Encoding URLs Sent to Client cont. • String encodeURL(String URL) • For example String URL = “/servlet/sessiontracker”; String eURL = response.encodeURL(URL); out. println("<A HREF=\"" + eURL + "\">...</A>");
Encoding URLs Sent to Clientcont. • String encodeRedirectURL(String URL) • For example String URL = “/servlet/sessiontracker”; String eURL = response.encodeRedirectURL(URL); response.sendRedirect(eURL);
Example Code Online Book Store