Module 3

Back End Development

 Session Tracking in Servlets
● Session simply means a particular interval of
time.
● Session Tracking is a way to maintain state
(data) of an user. It is also known as session
management in servlet.
● Http protocol is a stateless so we need to
maintain state using session tracking
techniques.
● Each time user requests to the server, server
treats the request as the new request.
● So we need to maintain the state of an user to
recognize to particular user.
● HTTP is stateless that means each request is
considered as the new request. It is shown in
the figure:
Why is Session Tracking Required?
● Because the HTTP protocol is stateless, we require Session Tracking to
make the client-server relationship stateful.

● Session tracking is important for tracking conversions in online shopping,

mailing applications, and E-Commerce applications.

● The HTTP protocol is stateless, which implies that each request is treated
as a new one. As you can see in the image below.
Session Tracking employs Four Different techniques
● Cookies
● Hidden Form Field
● URL Rewriting
● HttpSession
Cookies
● Cookies are little pieces of data delivered by the web server in the
response header and kept by the browser.
● Each web client can be assigned a unique session ID by a web
server.
● Cookies are used to keep the session going.
● Cookies can be turned off by the client.
How cookies works
By default, each request is considered as a new request. In cookies technique, we
add cookie with response from the servlet. So cookie is stored in the cache of the
browser. After that if request is sent by the user, cookie is added with request by
default. Thus, we recognize the user as the old user.
Types of Cookie
1. Non-persistent cookie
2. Persistent cookie

Non-persistent cookie

It is valid for single session only. It is removed each time when user closes the browser.

Persistent cookie

It is valid for multiple session . It is not removed each time when user closes the browser. It
is removed only if user logout or signout.
Simple example of Servlet Cookies
Hidden Form Field
● The information is inserted into the web pages via the hidden form field,
which is then transferred to the server.
● These fields are hidden from the user’s view.
● Illustration:

<input type = hidden' name = 'session' value = '12345' >

URL Rewriting
● With each request and return, append some more data via URL as
request parameters.
● URL rewriting is a better technique to keep session management and
browser operations in sync.
HttpSession
● A user session is represented by the HttpSession object. A session is
established between an HTTP client and an HTTP server using the
HttpSession interface. A user session is a collection of data about a user
that spans many HTTP requests.
● The request must be made. Before sending any document content to the
client, you must first call getSession().
● Illustration:

HttpSession session = request.getSession( );

Session.setAttribute("username", "password");
 Methods provided by the HttpSession object:

Method Description

public Object getAttribute(String This method returns the object in this session bound with the supplied name, or null if
name) no object is bound with the name.

public Enumeration This function returns an Enumeration of String objects with the names of all the items
getAttributeNames() associated with this session.

This method returns the milliseconds since midnight January 1, 1970 GMT, when this
public long getCreationTime()
session was created.
 Method Description

public String getId() This function returns a string that contains the session’s unique identification.

public long This function returns the session’s most recent accessible time in milliseconds since
getLastAccessedTime() midnight on January 1, 1970 GMT.

public int The maximum time interval (seconds) for which the servlet container will keep the
getMaxInactiveInterval() session open between client requests is returned by this function.

public void invalidate() This function unbinds any objects connected to this session and invalidates it.

public boolean isNew() If the client is unaware of the session or decides not to join it, this function returns true.
Methods provided by the HttpSession object cont..

Method Description

public void removeAttribute(String The object bound with the supplied name is removed from this session using
name) this method.

public void setAttribute(String name,

This function uses the supplied name to tie an object to this session.
Object value)

public void setMaxInactiveInterval(int This function defines the interval between client requests before the servlet
interval) container invalidates this session in seconds.
Example