360 likes | 495 Views
Session Management. Review. Page-centric designs in JSP are called Model 1 architecture Model 1 architecture is used for simple applications and generates dynamic content Model 2 architecture is suitable for large and complex applications as it uses a combination of servlets and JSP
E N D
Review • Page-centric designs in JSP are called Model 1 architecture • Model 1 architecture is used for simple applications and generates dynamic content • Model 2 architecture is suitable for large and complex applications as it uses a combination of servlets and JSP • Model 2 applications are based on Model-View-Controller (MVC) pattern • MVC pattern contains a Model, View, and Controller • RequestDispatcher interface forwards the request from a JSP page or a servlet to other resources, such as HTML file, servlet, or a JSP page • The two methods in RequesDispatcher interface are include() and forward() • Errors in JSP page include Translation time and Request time errors
Objectives • Define session • Explain and implement session tracking mechanism • Describe session lifecycle • Extend Java Server Pages
Introducing Session • A long-term connection using the session layer of a network protocol • The Web server identifies requests and responses across a network connection as a single working session • Session acts as a link between the Web server and the client events • Web server uses the session to post client events to the server objects
Introducing Session - Contd… • JSP uses the sessions to store unique data of a particular client connected to a Web application Sessions for two Web browsers(Clients)
Overview of Session Tracking Mechanisms • Maintains a session till the user is browsing the Web site • Used in interactive Web applications to store the information of the user logged in to the Web site • The information stored is used to identify the user sending a request to the Web server • Session tracking helps to maintain the session information and keeps track of the multiple requests made by the client
Implementing Session Tracking – Mechanisms • Server-side technologies maintain the information on the Web server • The server creates a session Id for the user logged in to the Web site and sends the session Id to the user computer • The session tracking feature contained in the servlets or JSP container maintains the state of a Web browser
Session Tracking - Contd… • Information is sent to the browser in three ways, which include: • Cookies • URL Rewriting • Hidden form field method
Cookies • Cookies are text files stored on the user’s computer containing the session Id of the user sent by the Web server • The cookie is sent back to the Web server with every subsequent request made by the user in the same session • The cookie includes a name, a single value and optional attributes • Cookies are used for maintaining sessions and do not have an expiration time
Cookies – Contd… • Cookies help to maintain a single session for a user browsing the Web site
Cookies – Contd… • Advantages of Cookies are: • Remember user IDs and password. • To track visitors on a Web site for better service and new features. • Cookies enable efficient ad processing. • Disadvantages of Cookies are: • The size and number of cookies stored are limited. • Personal information is exposed to the other users. • Cookies fails to work if the security level is set too high in the Internet browser.
URL Rewriting • JSP hides the details of a cookie-based session tracking and supports the URL rewriting mechanism • URL Rewriting works with Web browsers that do not support cookies or the cookies that are disabled on a Web browser • Each URL that references the Web browser is returned to the user and contains additional information
URL Rewriting – Contd… The session ID is encoded in the URLs that are created by the JSP pages
URL Rewriting – Contd… <b>Search results for books</b><form method="post" action="serverprogram.jsp"><input type="checkbox" name="productID" value="100">CD MP3 Converter Kit For Your CAR<br><input type="checkbox" name="productID" value="101">Front Loading Car MP3/CD Player With Anti Shock Memory and FM<br> <input type="checkbox" name="productID" value="102">CAR/Home DVD/VCD/MP3 Playerwith anti shock for Indian Roads<br><input type="submit" name="Submit" value="Add to Cart"><br></form> URL of server side program Provides check box for different products Submits the user input to URL
URL Rewriting - Contd… <b>Search results for books</b><form method="post" action="serverprogram.jsp?productID=102"> <input type="checkbox" name="productID" value="150">DVD Player with built in Amplifier <br><input type="checkbox" name="productID" value="160">Ultra Slim DVD Player Multi Region 5.1 Digital<br><input type="submit" name="Submit" value = "Add to Cart"> <br></form> URL for server side program after the user selects a product and goes to another page Provides check box for different products Submits input to the URL
URL Rewriting – Contd… • Disadvantages of Cookies are: • Server side processing is tedious. • Every URL that is returned to the user should have additional information appended to it. • If the user leaves the session and opens the Web page using a link or bookmark then the session information is lost .
Hidden Form Fields Method • Information from the Web browser is returned to the Web server in the form of HTTP parameters • Utilizes the hidden fields in an HTML page • Hidden fields in the form are used to send the information to the Web browser • Stores information about a session • Helps to carry the information from one HTML page to another
Hidden Form Fields – Contd… • When the user visits the next page, the server side program reads all the parameters that a user passes in the previous form
Hidden Form Fields Example <b>Search results for books</b> <form method="post" action="serverprogram.jsp"> <input type="hidden" name="productID" value="100"> <input type="checkbox" name="productID" value="150">DVD Player with Built in Amplifier<br><input type="checkbox" name="productID" value="160">Ultra Slim DVD Player Multi Region 5.1 Digital<br> <input type="submit" name="Submit" value="Add to Cart"><br></form> Hidden input field Provides check box for user input Submits user input to the server side program
Hidden Form Fields – Contd… • The advantages of hidden form fields are: • Simplest way to implement session tracking • Displays nothing on the HTML page but can be used to hold any kind of data • Helps to maintain a connection between two pages • The disadvantage of hidden form fields is that this method of session tracking displays sensitive information to the user. • The information includes the data passed around to maintain a session.
Session Life Cycle • The server assigns a unique ID to the session created for a particular user request. • This session ID is passed to the client as a cookie or a hidden variable. • The session is considered new until the client returns the session ID to the server through a cookie or as a part of the requested URL. • A session exists on the server until it becomes invalid or the server is stopped. • The HttpSession objects are used to store the session data in the current servlet context.
Using Session Object • Session object can be used to store and read data. • The session object acts almost like a bulletin board from where the objects can be written or read
Using Session Object - Contd… • The request() method requests for the session object. … … // Obtain a session object HttpSession session = request.getSession(true); //Add an item to the session Integer sessionData = new Integer (100); Session.putValue(“IntValue”, sessionData); … … Obtains a session object Adds item to the session object
Using Session Object - Contd… • The session value can be read and cast to the appropriate object type. … // Obtain a session object HttpSession session = request.getSession(true); // Read the session data and cast it to the appropriate object type Integer sessionInt = (Integer) session.getValue(“session”); int count = sessionInt.intValue(); … … Obtains a session object Reads the session value Casts the session value to appropriate datatype
Using Session Objects – Contd… • The session can be invalidated using the invalidate() method of the HttpSession object. <% String sessionval=(String)session.getAttribute("userid")); if(sessionval == null) { session.setAttribute("userid",sessionval); out.println(session.getAttribute("userid")); } else { out.println("User Session already created"); } %> <b>click this link to <a href="<%=session.removeAttribute("userid")%>">remove session attribute</a></b><br/> <b>click this link to <a href="<%=session.invalidate()%>"> invalidate the session</a></b><br/> Accepts userid If sessionval is null, the value of sessionval is set to userid. Removes the session Invalidates the session
Using Session Object – Contd… • The binding of objects to a request object is similar to the storing of the object in a session • An object bound to a request is available only for the life of that particular request • An object can be bound using the setAttribute(String key, Object obj) method in the HttpRequest interface • An object can be retrieved using the getAttribute(String key) method.
Extending Java Server Pages • The superclass may offer several benefits, such as, a set of utilities, which may not be offered by the standard packages • In order to extend a JSP from a superclass, both the superclass and the extended JSP must follow several requirements
Superclass • A superclass must implement the HttpJspPage interface to use the HTTP protocol or it must implement the JSP interface. • The superclass should include: • All methods from the Servlet Interface and must be declared as final. • The Service() method that should invoke the _jspService() method. • The init() method that should invoke the jspInit() method. • The destroy() method that should invoke the jspDestroy() method
JSP Sub-class • A JSP sub-class should provide jspInit() method and jspDestroy() method. <%@ page extends = “servlet.JSPBase” %> <%! public void jspInit(){ } public void jspDestroy(){ } %> <% out.println(“<B> User Name: </B>” + getUser(request) + “<P>”); out.println(“<B> Catalog: </B>” + getCatalog(request)); %> Empty methods that satisfy the JSP sub-classing conditions
Summary • Session is a long-term connection that uses the session layer of a network layer protocol • Session acts as a link between the server and the client events • Web server uses the session to post client events to the server objects • Server objects utilize the session for passing messages to the client and listening to client events • The different methods of session object includes: • getAttribute() • getAttributeNames() • getCreationTime() • getId() • getLastAccessedtime() • getMaxInactiveInterval() • removeAttribute() • setAttribute() • setMaxInactiveInterval()
Summary – Contd… • Session tracking maintains a session till the user browses the Web site • The session tracking feature contained in the servlets or JSP container maintains the state of a Web browser • Cookies are text files stored on the user’s computer containing the session Id of the user, sent by the Web server • A Cookie is sent back to the Web server with every subsequent request made by the user in the same session • URL rewriting works with Web browsers that do not support cookies or the cookies that are disabled on a Web browser • The information from the Web browser is returned to the server in the form of HTTP parameters • Hidden form fields are used to store information about a session. • Hidden form field helps to carry the information from one HTML page to another HTML page
Summary – Contd… • The server assigns a unique ID to the session created for a particular user request. • The HttpSession object is defined by the HttpSession interface, and is obtained using the getSession() method of the HttpServletRequest object. • Session object can be used to store and read data and acts almost like a bulletin board from where the objects can be written or read. • When the reading or writing operation is complete, the session can be invalidated using the invalidate() method of the HttpSession object. • Binding of objects to a request object is similar to the storing of the object in a session. • An object can be bound using the setAttribute(String key, Object obj) method in the HttpRequest interface, and can be retrieved using the getAttribute(String key) method. • A superclass must implement the HttpJspPage interface to use the HTTP protocol or it must implement the JSP interface. • A JSP sub-class should provide jspInit() method and jspDestroy() method.