- Session management refers to tracking the state of an end user across Web pages.
- Session management enables programmers to create applications where the state of an end user is required to be maintained across multiple Web pages.
- Sessions are represented by an HttpSession object.
- You access a session by calling the HttpServletRequest.getSession() or HttpServletRequest.getSession(boolean) method of a request object.
- This method returns the current session associated with this request, or, if the request does not have a session, it creates one (unless boolean argument is false).
- You can associate object-valued attributes with a session by name.
- Such attributes are accessible by any Web component that belongs to the same Web context and is handling a request that is part of the same session.
OR
- A session is much like what it sounds: when a user makes a page request to the server, the server creates a temporary session to identify that user.
- So when that same user goes to another page on that site, the server identifies that user.
- So a session is a small and temporary unique connection between a server and the user enabling it to identify that user across multiple page requests or visits to that site.
- Session management is to use the API provided by your application server to identify the user across multiple page requests.
- Note that every server has its own set of APIs for session management. Since we are talking about ‘Managing Sessions with Java Servlets’, we will be making use of the Servlet API 2.2, which almost all of the Java application servers support.
- Thousands and Lakhs of simultaneous users can be visiting your site and if you can identify each of them separately then it can provide tremendous benefits to you.
- The following are only some of the uses that have come to me:
- Security :- You can allow membership based access to your site thus making sure that only members get to see special content on your site. After logging in you can identify members from non-members by setting an attribute on the user session to some value. Thus no need to log in again and again.
- Customizations :- You can allow site visitors to customize the look and feel of your site, thus show each user a different view of your site. You can also show different content to different users depending on their preferences.
- User Behavior :- You can log user behavior, such as how many ad views have been shown to the user. If a lot have been shown with no response from the user, then it is time to change that ad.
The techniques for managing the state of an end user are:
- Hidden form field
- URL rewriting
- Cookies
- Servlet session API [HttpSession]
Hidden Form Field is:
- Simplest technique to maintain the state of an end user.
- Embedded in an HTML form.
- Not visible when you view an HTML file in a browser window.
- Not able to maintain the state of an end user when it encounters a static document.
Eg.
<form action="Some Action">
Hello ! <input type="hidden" name="user" value="James">
<input type="Submit" value="Click Here">
</form>
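A hidden field is sent to the browser and comes back with the form, so the server has to treat the returned value as client input. The following added example (not part of the original page; the class name and the demo secret are hypothetical) attaches an HMAC to the value so the server can tell when the field came back changed:

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example (hypothetical class): integrity tag for a hidden form field value.
public final class SignedHiddenField {
    private final SecretKeySpec key;

    public SignedHiddenField(byte[] secret) { key = new SecretKeySpec(secret, "HmacSHA256"); }

    private byte[] tag(byte[] value) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(key);
            return mac.doFinal(value);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    // Text for the value attribute: base64url(value) + "." + base64url(HMAC).
    public String seal(String value) {
        byte[] raw = value.getBytes(StandardCharsets.UTF_8);
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return enc.encodeToString(raw) + "." + enc.encodeToString(tag(raw));
    }

    // Returns the original value, or null when the submitted field does not verify.
    public String open(String submitted) {
        String[] parts = submitted == null ? new String[0] : submitted.split("\\.", -1);
        if (parts.length != 2) return null;
        try {
            byte[] raw = Base64.getUrlDecoder().decode(parts[0]);
            byte[] given = Base64.getUrlDecoder().decode(parts[1]);
            boolean ok = MessageDigest.isEqual(tag(raw), given); // constant-time compare
            return ok ? new String(raw, StandardCharsets.UTF_8) : null;
        } catch (IllegalArgumentException malformedBase64) {
            return null;
        }
    }

    public static void main(String[] args) {
        SignedHiddenField f = new SignedHiddenField("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        String sealed = f.seal("James"); // constructed value, as in the form above
        System.out.println(f.open(sealed));
        System.out.println(f.open("QWRtaW4" + sealed.substring(sealed.indexOf('.')))); // value swapped, old tag kept
    }
}
```

The tag only shows that the server issued the value; it does not hide the value from the user, and the same sealed string can be submitted again.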
URL Rewriting:
- Maintains the state of end user by modifying the URL.
- Is used when the information to be transferred is not critical.
- Cannot be used for maintaining the state of an end user when a static document is encountered.
- User can’t modify the URL.
Cookies:
- Are chunks of information created by the server and stored by the browser on the client machine.
- Supported by the Web browser and the size of each cookie is maximum of 4 kilobytes.
- By default, Internet Explorer can store a maximum of 20 cookies for each domain. Now, Internet Explorer increases the per-domain cookie limit from 20 to 50.
- If a server in the domain sends more than 20 cookies to a client computer, the browser on the client computer automatically discards some old cookies.
- Each cookie consists of a single name-value pair. This pair may be followed by attribute-value pairs that are separated by semicolons.
- Are used by the server to find out the computer name, IP address, or any other details of the client computer.
- Creates a cookie, a small amount of information sent by a servlet to a Web browser, saved by the browser, and later sent back to the server.
- A cookie’s value can uniquely identify a client, so cookies are commonly used for session management.
- A cookie has a name, a single value, and optional attributes such as a comment, path and domain qualifiers, a maximum age, and a version number.
One Constructor of Cookie class :
Cookie(java.lang.String name, java.lang.String value) Constructs a cookie with a specified name and value.
Method Summary

| Return type | Method | Description |
| --- | --- | --- |
| java.lang.String | getName() | Returns the name of the cookie. |
| java.lang.String | getValue() | Returns the value of the cookie. |
| void | setComment(java.lang.String purpose) | Specifies a comment that describes a cookie’s purpose. |
| java.lang.String | getComment() | Returns the comment describing the purpose of this cookie, or null if the cookie has no comment. |
| int | getMaxAge() | Returns the maximum age of the cookie, specified in seconds; by default -1, indicating that the cookie will persist until browser shutdown. |
| void | setMaxAge(int expiry) | Sets the maximum age of the cookie in seconds. |
| void | setValue(java.lang.String newValue) | Assigns a new value to a cookie after the cookie is created. |

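The Cookie methods above applied to the "Customizations" use case, as an added example that is not from the original page. The class name, the cookie name `theme` and its allowed values are hypothetical; `getCookies()`, `addCookie()`, `setPath()`, `setSecure()` and `setHttpOnly()` are Servlet API methods not listed in the table, and `setHttpOnly()` requires Servlet 3.0 or later.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: a UI preference kept in a cookie (hypothetical name and values).
public final class ThemeCookie {
    private static final String NAME = "theme";
    private static final String DEFAULT_THEME = "light";
    private static final Set<String> ALLOWED =
            new HashSet<>(Arrays.asList("light", "dark", "contrast"));
    private static final int THIRTY_DAYS = 30 * 24 * 60 * 60; // setMaxAge takes seconds

    private ThemeCookie() {}

    // Reads the preference; a value that is not on the allow-list is ignored.
    public static String read(HttpServletRequest req) {
        Cookie[] cookies = req.getCookies(); // null when the request carries no cookies
        if (cookies == null) {
            return DEFAULT_THEME;
        }
        for (Cookie c : cookies) {
            if (NAME.equals(c.getName()) && ALLOWED.contains(c.getValue())) {
                return c.getValue();
            }
        }
        return DEFAULT_THEME;
    }

    // Stores a validated preference; returns false and sets nothing for unknown values.
    public static boolean write(HttpServletResponse resp, String theme) {
        if (!ALLOWED.contains(theme)) {
            return false;
        }
        Cookie c = new Cookie(NAME, theme);
        c.setComment("UI theme preference");
        c.setMaxAge(THIRTY_DAYS);
        c.setPath("/");
        c.setSecure(true);   // sent over HTTPS only
        c.setHttpOnly(true); // Servlet 3.0+: not exposed to page scripts
        resp.addCookie(c);
        return true;
    }
}
```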
- Now we know how to track user sessions programmatically, using URL rewriting, cookies, and hidden form fields respectively.
- Each of these techniques required some unique string to be exchanged between the client and the server, so that the server could recognize the client.
- However, there are certain complications with all three approaches:
- The Java Servlet API has provisions for session handling. The Servlet API provides the following facilities for managing sessions:
- Management of session lifecycle, including session creation and termination.
- Management of session state.
- The Java Servlet API provides the following interfaces and classes for session handling in the javax.servlet.http package:
- javax.servlet.http.HttpSession :- Provides an abstraction of a session
- javax.servlet.http.HttpSessionListener :- Handles events associated with session creation and termination (lifecycle events).
- javax.servlet.http.HttpSessionBindingListener :- Handles events associated with binding and unbinding state for sessions.
- This interface allows servlets to
- View and manipulate information about a session, such as the session identifier, creation time, and last accessed time
- Bind objects to sessions, allowing user information to persist across multiple user connections
- Sessions are represented by an HttpSession object. You access a session by calling the HttpServletRequest.getSession() or HttpServletRequest.getSession(boolean) method of a request object.
- This method returns the current session associated with this request, or, if the request does not have a session, it creates one (unless boolean argument is false).
You can associate object-valued attributes with a session by name. Such attributes are accessible by any Web component that belongs to the same Web context and is handling a request that is part of the same session.
Method Summary

| Return type | Method | Description |
| --- | --- | --- |
| void | setAttribute(java.lang.String name, java.lang.Object value) | Binds an object to this session, using the name specified. |
| java.lang.Object | getAttribute(java.lang.String name) | Returns the object bound with the specified name in this session, or null if no object is bound under the name. |
| java.util.Enumeration | getAttributeNames() | Returns an Enumeration of String objects containing the names of all the objects bound to this session. |
| long | getCreationTime() | Returns the time when this session was created, measured in milliseconds since midnight January 1, 1970 GMT. |
| java.lang.String | getId() | Returns a string containing the unique identifier assigned to this session. |
| long | getLastAccessedTime() | Returns the last time the client sent a request associated with this session, as the number of milliseconds since midnight January 1, 1970 GMT, and marked by the time the container received the request. |
| int | getMaxInactiveInterval() | Returns the maximum time interval, in seconds, that the servlet container will keep this session open between client accesses. |
| void | invalidate() | Invalidates this session then unbinds any objects bound to it. |
| void | removeAttribute(java.lang.String name) | Removes the object bound with the specified name from this session. |
| void | setMaxInactiveInterval(int interval) | Specifies the time, in seconds, between client requests before the servlet container will invalidate this session. |

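The membership use described earlier (mark the session after login so the user does not log in again), written with the HttpSession methods above. This is an added example, not code from the original page; the attribute name, the idle timeout, the `/members` redirect and the `credentialsAreValid` hook are assumptions.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example; attribute name, timeout and redirect target are assumptions.
public abstract class LoginServlet extends HttpServlet {
    private static final String USER_ATTR = "user";
    private static final int IDLE_TIMEOUT_SECONDS = 15 * 60;

    // Hypothetical hook: the application verifies the credentials here.
    protected abstract boolean credentialsAreValid(String user, String password);

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String user = req.getParameter("user");
        String password = req.getParameter("password");
        if (user == null || password == null || !credentialsAreValid(user, password)) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Discard the pre-login session so its identifier is not carried over
        // into the authenticated session.
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        HttpSession session = req.getSession(true);
        session.setAttribute(USER_ATTR, user);
        session.setMaxInactiveInterval(IDLE_TIMEOUT_SECONDS);
        resp.sendRedirect(req.getContextPath() + "/members");
    }

    // Returns the logged-in user, or null; getSession(false) never creates a session.
    public static String currentUser(HttpServletRequest req) {
        HttpSession session = req.getSession(false);
        return session == null ? null : (String) session.getAttribute(USER_ATTR);
    }

    // Logout: invalidate() ends the session and unbinds its attributes.
    public static void logout(HttpServletRequest req) {
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }
}
```

Member-only pages call `currentUser(request)` and refuse the request when it returns null.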
Note: After downloading, extract the folder, copy the whole folder into the webapps directory of the Tomcat server, and then run the application.