1 / 17

CSCI 6962: Server-side Design and Programming

CSCI 6962: Server-side Design and Programming. Java Server Faces Scoping and Session Handling. Outline. Session handling c oncepts Session s coping in managed beans Creating a session bean Information flow Session properties Timeouts Web.xml URL encoding. Sessions.

luann
Download Presentation

CSCI 6962: Server-side Design and Programming

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CSCI 6962: Server-side Design and Programming Java Server Faces Scoping and Session Handling

  2. Outline • Session handling concepts • Session scoping in managed beans • Creating a session bean • Information flow • Session properties • Timeouts • Web.xml • URL encoding

  3. Sessions • Session: Set of pages submitted by user to accomplish goal • Example: Most on-line shopping Add to cart Enter shipping information Enter payment information Reciept

  4. Need for Session Handling • Problem: No way to associate steps if multiple clients • Nothing built into the web allows server to know where a request is coming from • Server may have to simultaneously manage thousands of sessions ?

  5. Session Handling • Assign each new client unique ID at start of session. • Pass ID to client as part of each response • Now client knows it as well • Stored as cookie by default • Client passes ID back to server with subsequent requests • Server can associate this request can be associated with initial request. • Server stores client data in table indexed by session ID initial request Client Server session ID created for client data associated with this client session ID (stored as cookie) response including session ID further requests include more data + session ID

  6. Managed Bean Scoping • Managed beans have scope • Set of pagesthat have access to the bean • “Period of time” for which Glassfish stores bean in memory • Major types of scoping: • request: current page • session: all pages for single user (over given time) • application: all pages for all users

  7. Creating Session Beans • Scoping set at bean creation in NetBeans Choose session scope

  8. Session Creation • When user first requests page • Create any new session beans used by page • Create unique JSessionID for this user • Associate beans with that JSessionID • Bean state then stored as string between access Request for JSF page (initial form request) JJSF JBean Serialized form of bean JSessionID

  9. Passing Session to Client • SessionID passed to client along with requested page • By default, stored in client-side cookie Browser JJSF JBean Jhtml JSessionID JSessionID JSessionID Cookies

  10. Passing Session to Server • At page submission, sessionID passed as part of request • Cookies associated with page automatically passed Browser JBean Jhtml JSessionID JSessionID JSessionID Cookies

  11. Retrieving Session • Glassfish looks up session beans with matching ID • Form data loaded into that bean Browser set methods JBean Jhtml Form values JSessionID JSessionID JSessionID Cookies

  12. Session Handling in JSP • Sessions can be accessed from both servlet and JSP • Servlet: Construct a new session object from the requestHttpSession session = request.getSession(); • JSP: Just use built-in session object which Tomcat creates from request (like request object) Server request : form data + session ID Servlet Construct session object session ID created for client data associated with this client JSP Use session object

  13. Session Timeouts • Sessions time out after specific period of inactivity • Inactivity = session bean not requested by any page • Goal: efficiency, security • If session expired, access creates new bean (with default values instead of previous values) • Session timeout property of web.xml file

  14. Sessions and Cookies • Default: JSessionIDstored in cookie in client-side browser • What if user disablescookies?

  15. URL Encoding • Pass session ID to the client as part of every response • Insure that client sends that session ID back to the server as part of every request Browser JJSF JBean Jhtml JSessionID JSessionID Form values set JSessionID JSessionID

  16. URL Encoding • JSessionID now passed in url

  17. URL Encoding • URL encoding done automatically in JSF if cookies not enabled • Can control whether URL encoding done using tracking-mode tag in web.xml • Not currently supported in NetBeans

More Related