SCHOOL OF COMPUTER SCIENCE AND ENGINEERING DEPARTMENT

OF SCIENCE AND APPLICATION

• CIA -3 Presentation
• Subject: Advance Java
By
• M r. V i p u l S P a ti l
• Mr. Saikrishna B Dandwate
TY BCA- B
PRN NO -- 220105011333
220105011298
Academic year-2024-25
INTRODUCTION TO SESSION
MANAGEMENT

• Definition: Session management is a way to store and retrieve user-specific data

across multiple requests.
• Importance: Enables personalization, user authentication, and data persistence
across multiple pages in a web application.
WHAT IS URL REWRITING?

• Definition: A technique to maintain session state by embedding session

information directly into the URL.
• How it works:
• Appends session ID or parameters to the URL.
PROS AND CONS OF URL REWRITING

• Advantages:
• Works even if cookies are disabled.
• Simple implementation.
• Disadvantages:
• Security risks (session ID exposed in URL).
• Inconvenient for bookmarking.
• Limited length of URLs.
WHAT ARE COOKIES?

• Definition: Small pieces of data stored on the client-side (browser) and sent back
to the server with each request.
• Types:
• Session Cookies: Deleted when the browser is closed.
• Persistent Cookies: Stored on the user’s device for a defined period.
HOW COOKIES WORK

• Client-Server Flow:
• Server sends a cookie with a response.
• Browser stores the cookie.
• Browser sends the cookie back with subsequent requests to the same
server.
• Usage: Storing user preferences, tracking sessions, authentication tokens.
PROS AND CONS OF COOKIES

• Advantages:
• Simple, widely supported.
• Can store small pieces of user-specific data.
• Disadvantages:
• Limited size (4KB per cookie).
• Privacy concerns (tracking).
• Can be disabled by the user.
HTTP SESSION IN JAVA

• Definition: A server-side mechanism to store user data across multiple requests.

How it works:
• A unique session ID is generated for each user.
• Data is stored on the server side, linked with this session ID.
• The session ID is typically maintained via cookies or URL rewriting.
HTTP SESSION VS COOKIES

•Http Session: •Cookies:

• Server-side storage. • Client-side storage.

• More secure (data not • Used for lightweight data

exposed to the client). like user preferences.

• Larger data storage • Limited data size and

capacity. subject to user settings.
What is User Authorization?

Definition:
User authorization is the process of granting or denying access to resources based on a user's privileges.

•Difference from Authentication:

•Authentication verifies identity (who you are).

•Authorization defines what actions you're allowed to perform (what you can do).

•Examples:

•Admins can modify user data.

•Regular users can view data but not edit.
TYPES OF USER AUTHORIZATION

• Role-Based Access Control (RBAC):

Users are assigned roles, and access rights are assigned to these roles.
• Attribute-Based Access Control (ABAC):
Access is granted based on user attributes, resource attributes, and environmental
conditions.
• Access Control Lists (ACLs):
Specific permissions are assigned to users for specific resources.
IMPLEMENTING USER AUTHORIZATION

• How to Implement User Authorization

Steps:

• Define user roles and permissions based on organizational needs.

• Use authentication mechanisms (e.g., OAuth, JWT).
• Regularly review and update access controls.
• Best Practices:
• Principle of Least Privilege: Users should have the minimum level of access necessary.
• Regular audits and monitoring of access logs.
CONCLUSION

• Key Takeaways:
• URL rewriting can manage sessions when cookies are disabled, but it has security risks.
• Cookies are useful for lightweight, client-side storage, but have size and privacy limitations.

• Final Thought: Choose the appropriate session management technique based on the application's
needs for security, data size, and browser compatibility.