Sessions

What is a Session?
A session is a state associated with particular user
that is maintained at the server side.
Sessions persist between the HTTP requests Sessions
enable creating applications that depend on
individual user data. For example:
• Login / logout functionality
• Wizard pages
• Shopping carts
• Personalization services
• Maintaining state about the user’s preferences
 Sessions in Servlets
• Servlets include a built-in Session s API.
• Sessions are maintained automatically.
• The Web container associates an unique
HttpSession object to each different client.
• Different clients have different session objects
at the server
• Requests from the same client have the same
session object
• Sessions can store various data
 The Sessions API
The sessions API allows
• To get the HttpSession object from the
HTTPServletRequest object.
• Extract data from the user’s session object.
• Append data to the user’s session object
• Extract meta-information about the session
object, e.g. when was the session created
 Behind The Scenes
• When you call getSession() each user is automatically
assigned a unique Session ID
How does this Session ID get to the user?
• Option 1: If the browser supports cookies, the servlet
will automatically create a session cookie, and store
the session ID within the cookie
• Option 2: If the browser does not support cookies, the
servlet will try to extract the session ID from the URL
• Option 3:In case of Hidden Form Field a hidden
(invisible) textfield is used for maintaining the state of
an user.
 HttpSession Interface
• Container creates a session id for each user.
The container uses this id to identify the
particular user.
• An object of HttpSession can be used to
perform two tasks:
 bind objects
 view and manipulate information about a
session, such as the session identifier, creation
time, and last accessed time.
 How to get the HttpSession object ?
• public HttpSession getSession():Returns the
current session associated with this request, or if
the request does not have a session, creates one.

• public HttpSession getSession(boolean

create):Returns the current HttpSession associated
with this request or, if there is no current session
and create is true, returns a new session.
 Commonly used methods of HttpSession interface

• public String getId():Returns a string containing the

unique identifier value.i.e SessionID
• public long getCreationTime():Returns the time
when this session was created, measured in
milliseconds since midnight January 1, 1970 GMT.
• public long getLastAccessedTime():Returns the last
time the client sent a request associated with this
session, as the number of milliseconds since
midnight January 1, 1970 GMT.
• public void invalidate():Invalidates this session then
unbinds any objects bound to it.
Commonly used methods of HttpSession interface

• public void setAttribute(String name,Object value):

It stores the object of the given name within the
session.
• public Object getAttribute(String name): It returns
an attribute bound to a specified name in the
current session or NULL if no object is found bound
to the name.
• public Enumeration getAttributeNames(String
name): It returns a list of all attribute names
bound to the current session.
Commonly used methods of HttpSession interface
• public void removeAttribute(String name):
It removes an object of a specific name, bound
within session.
• public int setMaxInactiveInterval(int interval):
Specifies the time, in seconds, between client
requests before the servlet container will invalidate
this session.
• public int getMaxInactiveInterval(): Returns the
maximum time interval, in seconds, that the servlet
container will keep this session open between client
accesses.