Session Tracking in Servlets: Maintaining Persistent Information, Slides of Computer Science

These slides explain the importance of session tracking in servlets and how to maintain persistent information about sessions and users. They cover session tracking solutions such as cookies, URL rewriting, hidden form fields, and Java's session tracking API, and explain the limitations and advantages of each method.

Typology: Slides

2012/2013

Uploaded on 03/19/2013

dharamnishth

More About Servlets

Session Tracking

Persistent information

• A server site typically needs to maintain two kinds of persistent (remembered) information:

  • Information about the session
    • A session starts when the user logs in or otherwise identifies himself/herself, and continues until the user logs out or completes the transaction (for example, makes a purchase)
  • Information about the user
    • User information must generally be maintained much longer than session information (for example, remembering a purchase)
    • This information must be stored on the server, for example on a file or in a database

Session tracking

  • HTTP is stateless: When it gets a page request, it has no memory of any previous requests from the same client

  • This makes it difficult to hold a “conversation”
    • Typical example: Putting things one at a time into a shopping cart, then checking out--each page request must somehow be associated with previous requests
  • The server must be able to keep track of multiple conversations with multiple users
  • Session tracking is keeping track of what has gone before in this particular conversation

  • Since HTTP is stateless, it does not do this for you
  • You have to do it yourself, in your servlets

Session tracking solutions

• Cookies are small files that the servlet can store on the client computer, and retrieve later

• URL rewriting: You can append a unique ID after the URL to identify the user

• Hidden form fields can be used to store a unique ID

• Java’s Session Tracking API can be used to do most of the work for you

Cookies

  • A cookie is a small bit of text sent to the client that can be read again later

  • Limitations (for the protection of the client):
    • Not more than 4KB per cookie (more than enough in general)
    • Not more than 20 cookies per site
    • Not more than 300 cookies total
  • Cookies are not a security threat
  • Cookies can be a privacy threat
  • Cookies can be used to customize advertisements
  • Outlook Express allows cookies to be embedded in email
  • A servlet can read your cookies
  • Incompetent companies might keep your credit card info in a cookie
  • Netscape lets you refuse cookies to sites other than that to which you connected

Using cookies

  • import javax.servlet.http.*;
  • Constructor: Cookie(String name, String value)
  • Assuming request is an HttpServletRequest and response is an HttpServletResponse,
  • response.addCookie(cookie);
  • Cookie[] cookies = request.getCookies();
    • String name = cookies[i].getName();
    • String value = cookies[i].getValue();

• There are, of course, many more methods in the HttpServletRequest, HttpServletResponse, and Cookie classes in the javax.servlet.http package

More HttpServletRequest methods

  • public HttpSession getSession()
    • Gets the session object for this request (or creates one if necessary)
  • public Enumeration getHeaderNames()
    • Gets an Enumeration of all the field names in the HTTP header
  • public String getHeader(String name)
    • Given the header name, return its value
  • public int getIntHeader(String name)
    • Given the header name, return its value as an int
    • Returns -1 if no such header
    • Could throw a NumberFormatException
  • public Enumeration getHeaders(String name)
    • Given the header name, return an Enumeration of all its values

The Session Tracking API

  • The session tracking API is in javax.servlet.http.HttpSession and is built on top of cookies

• To use the session tracking API:

  • Create a session:
    • HttpSession session = request.getSession();
      • Returns the session associated with this request
      • If there was no associated session, one is created
  • Store information in the session and retrieve it as needed:
    • session.setAttribute(name, value);
    • Object obj = session.getAttribute(name);
  • Session information is automatically maintained across
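
The shopping-cart conversation from these slides, written against the session tracking API and the Cookie class, as an added example that is not part of the original slides. The servlet path and the names `item`, `action`, `cart` and `lastItem` are assumptions, and it targets javax.servlet 3.0 or later (for `@WebServlet` and `setHttpOnly`).

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

// Added example; "/cart", "item", "action", "cart" and "lastItem" are assumed names.
@WebServlet("/cart")
public class CartServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        response.setContentType("text/plain");

        if ("checkout".equals(request.getParameter("action"))) {
            // getSession(false) never creates a session: no session means no cart.
            HttpSession session = request.getSession(false);
            Object cart = (session == null) ? null : session.getAttribute("cart");
            response.getWriter().println("Checked out: " + (cart == null ? "[]" : cart));
            if (session != null) {
                session.invalidate();   // transaction complete, so the session ends
            }
            return;
        }

        // Request parameters are client input: validate before storing or echoing.
        String item = request.getParameter("item");
        if (item == null || !item.matches("[A-Za-z0-9-]{1,32}")) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "bad item");
            return;
        }

        // The cart lives on the server; the client only holds the session ID cookie.
        HttpSession session = request.getSession();   // creates one if necessary
        @SuppressWarnings("unchecked")
        List<String> old = (List<String>) session.getAttribute("cart");
        List<String> cart = (old == null) ? new ArrayList<>() : new ArrayList<>(old);
        cart.add(item);
        session.setAttribute("cart", cart);

        // A cookie is stored and editable on the client: keep only non-sensitive data in it.
        Cookie last = new Cookie("lastItem", item);
        last.setHttpOnly(true);   // not readable from page scripts
        last.setSecure(true);     // sent over HTTPS only
        last.setMaxAge(3600);     // lifetime in seconds
        response.addCookie(last);
        response.getWriter().println("Cart: " + cart);
    }
}
```

The cart contents never leave the server; only the container's session ID cookie and the non-sensitive `lastItem` cookie are sent to the client.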

The End