1 / 23

Session Tracking - 2

Session Tracking - 2. Lec 32. Last Lecture Review. Session Tracking – why? Need to store state – typical solutions Cookies – already learned URL Rewriting Hidden Form Fields. Session Tracking. Session ID = 123XYZ Shopping Cart sc [item 1=324]. Request. Amazon. Servlet Container.

quinto
Download Presentation

Session Tracking - 2

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Session Tracking - 2 Lec 32

  2. Last Lecture Review • Session Tracking – why? • Need to store state – typical solutions • Cookies – already learned • URL Rewriting • Hidden Form Fields

  3. Session Tracking Session ID = 123XYZ Shopping Cart sc [item 1=324] Request Amazon ServletContainer Credit: cs193i at Standford

  4. Session Tracking Session ID = 123XYZ Shopping Cart sc [item 1=324] Amazon Response: Set-Cookie: sid=123XYZ Servlet Container Credit: cs193i at Standford

  5. Session Tracking Request: Set-Cookie: sid=123XYZ Session ID = 123XYZ Shopping Cart sc [item 1=324] Amazon ServletContainer Credit: cs193i at Standford

  6. Session Tracking Request: Set-Cookie: sid=123XYZ Session ID = 123XYZ Shopping Cart sc [item 1=324 item 2=115] Amazon ServletContainer Credit: cs193i at Standford

  7. URL Rewriting

  8. URL Rewriting • We can pass extra information to client by rewriting URLs. (appending info with URL) • The extra information can be in the form of • Extra path information, • Added parameters, or • Some custom, server-specific URL change • Due to limited space available in rewriting a URL, the extra information is usually limited to a unique session ID

  9. URL Rewriting: Examples • For example, the following URLs have been rewritten to pass the session id 123 • Original http://server:port/servlet/rewrite • Extra path information http://server:port/servlet/rewrite/123 • Added parameter http://server:port/servlet/rewrite?id=123 • Custom change http://server:port/servlet/rewrite;$id$123

  10. URL Rewriting: Disadvantages • What if the user bookmarks the page? • Every URL on a page which needs the session information must be rewritten each time page is served • Computationally expensive • Can increase communication overhead • State stored in URLs is not persistent • Limits the client’s interaction with the server to HTTP GET request

  11. Hidden Form Fields

  12. Hidden Form Fields • <input type=“hidden” name=“sessionid” value=“123”>

  13. Java’s Solution forSession Tracking HttpSession API

  14. Using HttpSession • To get the user’s session object • Call getSession( ) method of HTTPServletRequest class • pass false to the getSession() method HttpSession ses = request.getSession(false); • If no current session exists: • You will get a null object

  15. Using HttpSession cont. • To get the user’s session object (cont.) • If true is passed to the getSession() method then • If user already has a session • the existing session is returned • For example: HttpSession ses = request.getSession(true); • If no session exists • a new one is created and returned

  16. Using HttpSession cont. • Storing information in a session • Session objects works like a HashMap • HashMap is able to store any type of java object • You can therefore store any number of keys and their values • For example ses.setAttribute(“id”, “123”); key Value

  17. Using HttpSession cont. • Looking up information associated with a session String sID = (String)ses.getAttribute(“id”); returns an Object type, so you will need to perform a type cast

  18. Using HttpSession cont. • Terminating session • Automatic • After the amount of time session gets terminated automatically( getMaxInactiveInterval( ) ) • Manual ses.invalidate();

  19. Example Code Showing Session Information

  20. Encoding URLs Sent to Client • HttpServletResponse provides two methods to perform encoding • String encodeURL(String URL) • String encodeRedirectURL(String URL) • If Cookies disabled • Both methods encodes (rewrites) the specified URL to include the session ID and returns the new URL • If Cookies enabled • Returns the URL unchanged

  21. Encoding URLs Sent to Client cont. • String encodeURL(String URL) • For example String URL = “/servlet/sessiontracker”; String eURL = response.encodeURL(URL); out. println("<A HREF=\"" + eURL + "\">...</A>");

  22. Encoding URLs Sent to Clientcont. • String encodeRedirectURL(String URL) • For example String URL = “/servlet/sessiontracker”; String eURL = response.encodeRedirectURL(URL); response.sendRedirect(eURL);

  23. Example Code Online Book Store

More Related