Session Tracking In Servlets
Because HTTP is a stateless protocol, an interaction between the client browser and a servlet lasts only as long as the browser is connected to the server. The moment the browser is closed the session is lost, and the server has no way of knowing anything about the client if the client accesses the server again. In applications where keeping track of the end user is a must, such as online shopping or online banking, the session between user and server has to be tracked.
In servlets, various mechanisms are suggested for maintaining a session between both entities. One of them is cookies. Cookies are small text files sent by the server and stored in the client browser; this depends on whether the client browser supports cookies. By default these cookies are deleted the moment client-server communication ends, but a developer can make them persist for a specified period of time. When the browser accesses the same site again, the cookie already stored in the browser is sent back to the server.
Here is a snippet of code showing how to set the maximum time a cookie can stay alive:
Cookie cookie = new Cookie("user", "smart");
cookie.setMaxAge(60 * 60 * 24 * 365); // max age in seconds: one year
// Add cookie to response
response.addCookie(cookie);
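The browser sends a cookie's value back unchanged or changed, so the value is better an opaque random token that the server maps to the user than the user name itself. The servlet below is an added example, not code from the original post; it assumes the javax.servlet API 3.0 or later, and the class name, the cookie name `sid` and the in-memory map are hypothetical.

```java
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: hypothetical servlet, not part of the original post.
public class TokenCookieServlet extends HttpServlet {
    private static final String COOKIE_NAME = "sid"; // hypothetical cookie name
    private static final SecureRandom RNG = new SecureRandom();
    // token -> user name, kept server-side so the browser never holds the identity
    private final Map<String, String> sessions = new ConcurrentHashMap<>();

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String user = lookup(request.getCookies());
        if (user == null) {
            user = "smart"; // placeholder: a real application sets this after login
            response.addCookie(issue(user));
        }
        response.setContentType("text/plain");
        response.getWriter().println("Tracked user: " + user);
    }
    // Returns the user bound to the presented token, or null if absent or unknown.
    private String lookup(Cookie[] cookies) {
        if (cookies == null) return null; // getCookies() returns null when none were sent
        for (Cookie c : cookies) {
            if (COOKIE_NAME.equals(c.getName())) return sessions.get(c.getValue());
        }
        return null;
    }
    // Creates a 128-bit random token, records the mapping, and builds the cookie.
    private Cookie issue(String user) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(token, user);
        Cookie cookie = new Cookie(COOKIE_NAME, token);
        cookie.setMaxAge(60 * 60 * 24 * 365); // one year, as in the post
        cookie.setHttpOnly(true); // not readable from page scripts
        cookie.setSecure(true);   // sent over HTTPS only
        return cookie;
    }
}
```

The map in this sketch never expires entries; a deployed version would remove a token when its lifetime ends or the user logs out.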
Other commonly used approaches are:
- URL Rewriting
- Hidden Form Fields
- HttpSession object based session management
In URL rewriting, automatically encoded data is appended to a URL each time it is accessed through the client browser.
If URL rewriting is supported, it allows browsers without cookie support to access the servlet with session tracking. As an example, to encode a reference to a servlet, we could use the following code:
// HttpServletResponse.encodeURL adds session data automatically
// (encodeUrl is the deprecated spelling of the same method)
String url = response.encodeURL("/servlets/TestServlet");
In URL rewriting, every local URL clicked is dynamically modified, or rewritten, to include extra information, which can take the form of extra path information, added parameters, or some custom, server-specific URL change. Usually it is limited to a unique session ID.
In hidden form fields, the HTML entry for a field has the attribute 'type' with the value 'hidden', e.g.:
<input type="hidden" name="name" value="">
With this mechanism, whenever the form is submitted, the name/value pair is sent along with the GET or POST request. It is better to use POST so that the session ID is not visible during request submission.
HttpSession object based session management has already been discussed in detail in a previous post.