
Web Programming & User Interface Design, Week 3

This document discusses solutions for maintaining user session state in web applications. It describes hidden fields, cookies, and server-side sessions. Hidden fields expose session data, while cookies have size and number limitations. Server-side sessions use a unique ID stored in a cookie to associate requests with server-side session objects that can store user and application data on the server. This allows session information to be maintained across multiple requests and pages.

Uploaded by

Sneha Katakam
Copyright
© Attribution Non-Commercial (BY-NC)

Web Programming & User Interface Design
Week 3

Learning Objectives
• Server-side validation with login form
• Introduction to sessions
• Java Server Pages and MVC architecture

Introduction to Sessions
Objectives
• To review the problem that the HTTP connectionless environment poses for E-Commerce
• Solution 1: hidden fields
• Solution 2: cookies
• Solution 3: session control

Websphere Java Servlet Request Processing
[Diagram labels: Client browser; HTTP / HTML; Internet; Internet Server; App. Server (Tomcat); JVM; servlet/HelloWorld; HelloWorld.class]
Request URL: http://eagle.acadiau.ca/demo/servlet/HelloWorld
demo/servlet/ equates to …/demo/WEB-INF/classes/HelloWorld.class

HTTP is Connectionless
• The HTTP protocol is connectionless
• Knowledge of prior pages visited or, for example, products placed in a shopping cart is easily lost
• So how can server applications maintain a sense of a session with a client?
– hidden fields
– cookies
– session control

Hidden Fields in HTML
• Solution comes from the CGI period
• Server hides session information within the HTML returned to the client
• FORM field INPUT type can be set to "hidden":
    <INPUT TYPE="hidden" NAME="itemsbought" VALUE="209087,342901">
• Field name and value will be returned to the server by the client when the client submits the form request to the server

Hidden Fields in HTML
• Problems with this method?
– User can see the hidden info (use source view)
– Causes a lot of additional HTTP traffic
– Session info is lost if the HTML (that contains hidden fields) is lost

Servlets and Cookies
• Solution comes from the CGI period but has evolved with Java servlets
• Servlets send a small piece of data to the client that gets written to a secure disk area
How does the servlet do this?
    Cookie c = new Cookie(name, value);
    response.addCookie(c);
• So the session data (products placed in the user's shopping cart) can be stored in the cookie
• Or simply an ID can be placed in the cookie and the server can maintain the session data

Servlets and Cookies
• Client browsers will check to see if there is a cookie associated with any request to a server (URL) or a particular server/path …
The server can establish the URL specifics:
    Cookie c = new Cookie(name, value);
    c.setDomain("eagle.acadiau.ca");
    c.setPath("/");
• Could be more specific if desired … the above is the default

Servlets and Cookies
• Whenever a new request is sent to the server, it checks to see if a cookie is included:
    Cookie[] cookies = request.getCookies();
    // getCookies() returns null when the request carries no cookies
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            Cookie c = cookies[i];
            String name = c.getName();
            String value = c.getValue();
            // use name and value here
        }
    }

Servlets and Cookies
• Problems with this method?
– Cookies have limited life (servlet, browser) and size (4k bytes)
– Maximum number of cookies set by browser
– User may disable cookie acceptance
– Can be inefficient in terms of data communications

Servlets and Sessions
• Solution is most commonly used with Java servlets and JSPs
• The Servlet JDK comes with an HTTP class that facilitates session management: HttpSession
• A session is a connection between a client and server that persists over multiple HTTP requests / responses

Servlets and Sessions
• A new session is established by using the getSession() method of HttpSession class:
    HttpSession session = req.getSession(true);
• If parameter = "true" the servlet engine checks to see if a session already exists; if so, a handle is returned, otherwise a new session is created
• Therefore, more than one servlet can participate in a session
• Cookies are used to identify a session on the client
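
An added example, not from the original slides: because getSession(true) hands back an existing session when the browser already sent a session cookie, a login handler should issue a fresh session ID once the user authenticates, and any cookie it sets by hand should carry the HttpOnly and Secure flags. It assumes the javax.servlet API at Servlet 3.1 or later (jakarta.servlet on newer containers); `LoginServlet`, `checkPassword()`, the parameter names and the `lang` cookie are hypothetical.

```java
import java.io.IOException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example (hypothetical servlet): session handling around a login form.
public class LoginServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String user = req.getParameter("user");
        String pass = req.getParameter("pass");
        if (user == null || pass == null || !checkPassword(user, pass)) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Reuse-or-create, then replace the ID so a pre-login ID is not kept.
        HttpSession session = req.getSession(true);
        req.changeSessionId();
        session.setMaxInactiveInterval(15 * 60); // idle timeout in seconds
        session.setAttribute("user", user);      // state stays on the server
        // A cookie set by hand: small value, scoped path, both flags set.
        Cookie pref = new Cookie("lang", "en");
        pref.setPath(req.getContextPath() + "/");
        pref.setHttpOnly(true); // not readable from page scripts
        pref.setSecure(true);   // only sent over HTTPS
        resp.addCookie(pref);
        resp.sendRedirect(req.getContextPath() + "/home");
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // getSession(false) never creates a session for an anonymous visitor.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute("user") == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("signed in");
    }

    // Hypothetical stand-in: replace with a real credential check.
    private boolean checkPassword(String user, String pass) {
        return false;
    }
}
```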

Servlets and Sessions
Session objects contain various information:
    // NOTE: rb is a resource bundle class; replace rb.getString() with
    // ASCII text for your own purposes
    HttpSession session = request.getSession();
    out.println(rb.getString("sessions.id") + " " + session.getId());
    out.println("<br>");
    out.println(rb.getString("sessions.created") + " ");
    out.println(new Date(session.getCreationTime()) + "<br>");
    out.println(rb.getString("sessions.lastaccessed") + " ");
    out.println(new Date(session.getLastAccessedTime()));

Servlets and Sessions
• Data stored as attribute-value pairs
• Three key HttpSession methods:
– setAttribute(dataName, dataValue)
– getAttributeNames(), getAttribute(dataName)
• Examples:
    // Store a name/value pair taken from the request parameters
    String dataName = request.getParameter("dataname");
    String dataValue = request.getParameter("datavalue");
    if (dataName != null && dataValue != null) {
        session.setAttribute(dataName, dataValue);
    }

    // List every attribute held in the session
    Enumeration names = session.getAttributeNames();
    while (names.hasMoreElements()) {
        String name = (String) names.nextElement();
        String value = session.getAttribute(name).toString();
        // name and value originate from request parameters: HTML-escape
        // them before writing them into a page
        out.println(name + " = " + value + "<br>");
    }
THE END
