Web Programming and &

User Interface Design

Week 3
 Learning Objectives
 Server side Validation with Login form
 Introduction to Sessions
 Java Server Pages and MVC architecture
INTRODUCTION TO
Sessions
 Objectives
 To review the problem that the HTTP
connectionless environment poses for E-
Commerce
 Solution 1: hidden fields
 Solution 2: cookies
 Solution 3. session control
 Websphere Java Servlet
Request Processing
Client http://eagle.acadiau.ca/demo/servlet/HelloWorld
Browser

HTML
Tomcat
HTTP
Internet App. Server
Internet Server
JVM
servlet/HelloWorld

HelloWorld.class
demo/servlet/ equates to
…/demo/WEB-INF/classes/HelloWorld.class
 HTTP is Connectionless
 The HTTP protocol is connectionless
 Knowledge of prior pages visited or, for
example, products placed in a shopping cart
are easily lost
 So how can server applications maintain a
sense of a session with a client?
– hidden fields
– cookies
– session control
 Hidden Fields in HTML
 Solution comes from CGI period
 Server hides session information within HTML
returned to the client
 FORM field INPUT type can be set to “hidden”
<INPUT TYPE=“hidden” NAME=“itemsbought”
VALUE=“209087,342901”>
 Field name and value will be returned to the server
by the client when the client submits the form
request to the server
 Hidden Fields in HTML

 Problems with this method?

– User can see the hidden info (use source view)
– Causes a lot of additional HTTP traffic
– Session info is lost if HTML (that contains
hidden fields) is lost
 Servlets and Cookies
 Solution comes from CGI period but has evolved with
Java servlets
 Servlets send a small piece of data to the client that gets
written to a secure disk area:
How does the servlet do this?
Cookie c = new Cookie(name, value);
…
response.addCookie(c)
 So the session data (products placed in the users shopping
cart) can be stored in cookie
 Or simply an ID can be placed in the cookie and the server
can maintain the session data
 Servlets and Cookies
 Client browsers will check to see if there is
a cookie associated with any request to a
server (URL) or a particular server/path …
The server can establish the URL specifics:
Cookie c = new Cookie(name, value);
c.setDomain(“eagle.acadiau.ca”);
c.setPath(“/”);
 Could be more specific if desired … the
above is the default
 Servlets and Cookies
 Whenever a new request is sent to the
server it checks to see if a cookie is
included:
Cookie[] cookies = request.getCookies();
for (int i = 0; i < cookies.length; i++) {
Cookie c = cookies[i];
String name = c.getName();
String value = c.getValue();
…
}
 Servlets and Cookies
 Problems with this method?

– Cookies have limit life (servlet, browser) and size

(4k bytes)

– Maximum number of cookies set by browser

– User may disable cookie acceptance

– Can be inefficient in terms of data communications

 Servlets and Sessions
 Solution is most commonly used with Java
servlets and JSPs
 The Servlet JDK comes with HTTP class
that facilitates session management -
HttpSession
 A session is a connection between a client
and server that persists over multiple HTTP
request / responses
 Servlets and Sessions
 A new session is established by using the
getSession() method of HttpSession class:
HttpSession session = req.getsession(true);
 If parameter = “true” the servlet engine checks to
see if an session already exists, if so a handle is
returned, otherwise a new session is created
 Therefore, more than one servlet can participate in
a session
 Cookies are used to identify a session on the client
 Servlets and Sessions
Session objects contain various information:
HttpSession session = request.getSession();

out.println(rb.getString("sessions.id") + " " + session.getId());

out.println("<br>"); [NOTE: rb is a resource bundle class – replace
rb.getString() with ASCII text for your own purposes]

out.println(rb.getString("sessions.created") + " ");

out.println(new Date(session.getCreationTime()) + "<br>");

out.println(rb.getString("sessions.lastaccessed") + " ");

out.println(new Date(session.getLastAccessedTime()));
 Servlets and Sessions
 Data stored as attribute-value pairs
 Three key HttpSession methods:
– setAttribute(dataName, dataValue)
– getAttributeNames(), getAttribute(dataName)
 Examples:
String dataName = request.getParameter("dataname");
String dataValue = request.getParameter("datavalue");
if (dataName != null && dataValue != null) {
session.setAttribute(dataName, dataValue);
}

Enumeration names = session.getAttributeNames();

while (names.hasMoreElements()) {
String name = (String) names.nextElement();
String value = session.getAttribute(name).toString();
out.println(name + " = " + value + "<br>");
}
THE END