Session Tracking

What is a Session?
  • A session is the period between user login and logout.
  • Session data should be available on all pages from the time the user logs in until he/she logs out.
Need for Session Tracking:
  • HTTP is a “stateless” protocol.
  • Each time a client retrieves a Web page, the client opens a separate connection to the Web server.
  • The server does not automatically maintain contextual information about the client.
For example:
  • When clients at an online store add an item to their shopping carts, how does the server know what’s already in the carts? 
  • Similarly, when clients decide to proceed to checkout, how can the server determine which previously created shopping carts are theirs?
How to Solve?

Cookies: You can use cookies to store an ID for a shopping session.
Advantages:
  • Efficient, easy way to implement sessions
  • Cookies can be customized
Disadvantages:
  • The browser may not support cookies
  • Cookies can be deleted by the client
  • Cookies can be modified by the client
URL rewriting: The client appends some extra data at the end of each URL.
  • URL can be dynamically modified or rewritten to include extra information.
Advantages:
  • It works when browsers don’t support cookies.
  • It works when the user has disabled them.
Disadvantages:
  • The size of the URL is limited (255 char).
  • It can't be used if the method used by the target URL is POST.
  • Parameter name collision might occur.
Hidden form fields: A hidden field can be used to store information about the session.
  • The hidden field is not displayed on the browser.
  • They are sent to the server when the form is submitted.
Advantages:
  • They can always be used.
  • They are supported by browsers.
Disadvantages:
  • They only work for a sequence of forms.
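The three techniques above side by side, as an added example that is not from the original page: one servlet hands the same shopping-session ID to the client as a cookie, in a rewritten URL and in a hidden form field, and accepts only IDs it issued itself, since the client can delete or modify the value. The class name, the shopId name, the cart URL and the javax.servlet package are assumptions.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example; the class name, "shopId" and the "cart" URL are hypothetical.
public class TrackingDemoServlet extends HttpServlet {
    private static final String ID_NAME = "shopId";
    // IDs issued by this server; the client only ever holds the ID itself.
    private static final Set<String> ISSUED = ConcurrentHashMap.newKeySet();

    // Cookie first, then request parameter (rewritten URL or hidden field).
    static String findId(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies(); // null if none were sent
        if (cookies != null) {
            for (Cookie c : cookies) {
                if (ID_NAME.equals(c.getName())) return c.getValue();
            }
        }
        return request.getParameter(ID_NAME);
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String id = findId(request);
        // The client can delete or modify the value: accept only IDs issued here.
        if (id == null || !ISSUED.contains(id)) {
            id = UUID.randomUUID().toString(); // from a cryptographically strong PRNG
            ISSUED.add(id);
        }
        Cookie cookie = new Cookie(ID_NAME, id); // 1. Cookie
        cookie.setHttpOnly(true); // not readable from page scripts
        cookie.setSecure(true);   // sent over HTTPS only
        response.addCookie(cookie);
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        // 2. URL rewriting: the ID travels as extra data at the end of the link.
        out.println("<a href=\"cart?" + ID_NAME + "=" + id + "\">View cart</a>");
        // 3. Hidden form field: the ID is sent back when the form is submitted.
        out.println("<form method=\"post\" action=\"cart\"><input type=\"hidden\" name=\""
                + ID_NAME + "\" value=\"" + id + "\"><input type=\"submit\"></form>");
    }
}
```

An ID carried in a URL also ends up in browser history, server logs and Referer headers, which is one more reason to prefer the cookie when it is available.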
Session API: HttpSession

Four basic steps:
  • Accessing the session object associated with the current request: call request.getSession.
  • Looking up information associated with a session: call getAttribute.
  • Storing information in a session: use setAttribute with a key and a value.
  • Discarding session data: call removeAttribute.


Step 01:
  • Accessing the Session Object Associated with the Current Request
  • Session objects are of type HttpSession.
Example: HttpSession session = request.getSession();
  • getSession() creates a new session if no session already exists.
  • The new session is tracked by JSESSIONID, with a unique value representing the session ID.
Step 02:
  • Looking Up Information Associated with a Session
  • HttpSession objects live on the server.
    • These session objects have a built-in data structure (called a hash table)
  • You can store any number of keys and associated values in it.
Step 03:
  • Associating Information with a Session
  • Read information associated with a session by using getAttribute.
  • To specify information, use setAttribute.
  • In general, session attributes merely have to be of type Object.
  • You can add information in two ways: 
    • by adding a new session attribute.
    • by augmenting an object that is already in the session.
Step 04:
  • Discarding Session Data
  • You have 3 options…
    • Remove only the data your servlet created.
      • call removeAttribute("key") 
    • Delete the whole session (in the current Web application)
      • call invalidate to discard an entire session.
    • Log the user out and delete all sessions belonging to him or her.
      • call logout to log the client out of the Web server and invalidate all sessions associated with that user. 
Methods:
  • public Object getAttribute(String name): This method extracts a previously stored value from a session object. It returns null if no value is associated with the given name. 
  • public Enumeration getAttributeNames(): This method returns the names of all attributes in the session. 
  • public void setAttribute(String name, Object value): This method associates a value with a name. 
  • public void removeAttribute(String name): This method removes any values associated with the designated name. 
  • public void invalidate(): This method invalidates the session and unbinds all objects associated with it.
  • public void logout(): This method logs the client out of the Web server and invalidates all sessions associated with that client.
  • public String getId(): This method returns the unique identifier generated for each session.
  • public boolean isNew(): This method returns true if the client (browser) has never seen the session.
  • public long getCreationTime(): This method returns the time in milliseconds since midnight, January 1, 1970 (GMT) at which the session was first built.
  • public long getLastAccessedTime(): This method returns the time in milliseconds since midnight, January 1, 1970 (GMT) at which the session was last accessed by the client.
  • public int getMaxInactiveInterval() 
  • public void setMaxInactiveInterval(int seconds): These methods get or set the length of time, in seconds, that a session should go without access before being automatically invalidated.
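The four steps and several of the methods listed above in one servlet, as an added example that is not from the original page; it keeps the shopping cart from the earlier question in the session. The class name, the cart key, the action and item parameters, the 15-minute timeout and the javax.servlet package are assumptions.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example; the class name, "cart" key and request parameters are hypothetical.
public class CartServlet extends HttpServlet {
    private static final String CART_KEY = "cart";

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Step 1: get the session object; one is created if none exists yet.
        HttpSession session = request.getSession();
        if (session.isNew()) {
            session.setMaxInactiveInterval(15 * 60); // idle timeout, in seconds
        }
        String action = request.getParameter("action");
        String item = request.getParameter("item");
        response.setContentType("text/plain");
        if ("logout".equals(action)) {
            // Step 4: discard the whole session, not only this servlet's data.
            session.invalidate();
            response.getWriter().println("Session ended");
            return;
        }
        synchronized (session) { // requests in the same session may run concurrently
            // Step 2: look up stored data; getAttribute returns null if the key is unset.
            @SuppressWarnings("unchecked")
            List<String> cart = (List<String>) session.getAttribute(CART_KEY);
            if ("clear".equals(action)) {
                // Step 4: remove only the data this servlet created.
                session.removeAttribute(CART_KEY);
                cart = null;
            } else if (item != null) {
                if (cart == null) cart = new ArrayList<>();
                cart.add(item);
                // Step 3: store the cart in the session under its key.
                session.setAttribute(CART_KEY, cart);
            }
            int count = (cart == null) ? 0 : cart.size();
            response.getWriter().println("Items in cart: " + count);
        }
    }
}
```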