ZeePedia buy college essays online


Web Design and Development

<<< Previous JAVA: Session Tracking 2 Next >>>
 
img
Web Design & Development ­ CS506
VU
Lesson 32
Session Tracking 2
In the last handout we have discussed the solutions for session tracking and talked about one important
mechanism cookies in detail. We said cookies allow the server to store information on a client machine and
later retrieve it. Now we will see two more mechanisms that provide us facility to maintain a session
between user's requests. These are URL Rewriting and Hidden Form Fields. After that we will discuss a
session tracking API provided by java.
URL Rewriting
URL rewriting provides another way for session tracking. With URL rewriting, the parameter that we want
to pass back and forth between the server and client is appended to the URL. This appended information
can be retrieve by parsing the URL. This information can be in the form of:
.
Extra path information,
.
Added parameters, or
.
Some custom, server-specific URL change
Note: Due to limited space available in rewriting a URL, the extra information is usually limited to a
unique session ID.
The following URLs have been rewritten to pass the session ID 123
. Original ­
http://server: port/servlet /rewrite
. Extra path information ­
http://server: port/servlet/rewrite/123
. Added parameters ­
http://server: port/servlet/rewrite?id=123
. Custom change ­
http://server: port/servlet/rewrite;$id$123
Disadvantages of URL rewriting
The following Disadvantages of URL rewriting, are considerable: -
What if the user bookmarks the page and the problem get worse if server is not assigning a unique
session id.
Every URL on a page, which needs the session information, must be rewritten each time page is
served, which can cause
o  Computationally expensive
o  Can increase communication overhead
Unlike cookies, state information stored in the URL is not persistent
This mechanism limits the client interaction with the server to HTTP GET request.
Example Code: OnlineBookStore using URL Rewriting
This is the modified version of online book store (selling two books only, however you can add in on your
own) that is built using cookies in the last handout. Another important difference is books are displayed in
the form of hyperlink instead of check boxes. URL rewriting mechanism is used to maintain session
information.
How to make Query String
Before jumping on to example, one important technique is needed to be learned i.e. making on query string.
If you ever noticed the URL of a servlet in a browser that is receiving some HTML form values, also
contains the HTML fields name with values entered/selected by the user.
Now, if you want to pass some attribute and values along with URL, you can use the technique of query
string. Attribute names and values are written in pair form after the ?. For example, if you want to send
attribute "name" and its value "ali", the URL will look like
Original URL
http://server:port/servletex /register
After adding parameters
http://server:port/servletex/register ?name=ali
235
img
Web Design & Development ­ CS506
VU
If you want to add more than one parameter, all subsequent parameters are separated by & sign. For
example
Adding two parameters ­
http://server:port/servletex/register ?name=ali&address=gulberg
URLRewriteServlet.java
import java.io.*;import java.net.*;import
javax.servlet.*;import javax.servlet.http.*;
public class URLRewriteServlet extends HttpServlet {
// used to generate a unique value which is
// used as a cookie value
public static int S_ID = 1;
// used to store HashMaps of indiviual users
public static HashMap globalMap = new HashMap();
// Handles the HTTP GET method.
protected void doGet(HttpServletRequest request,
HttpServletResponse response)throws ServletException, IOException{
processRequest(request, response);
}
// Handles the HTTP <code>POST</code> method.
protected void doPost(HttpServletRequest request,
HttpServletResponse response)throws ServletException, IOException{
processRequest(request, response);
}
// called from both doGet() & doPost()protected void
processRequest(HttpServletRequest request,HttpServletResponse
response)throws ServletException, IOException {
// declaring user's HashMap
HashMap sessionInfo = null;
// reading sessionId
String sID = request.getParameter("JSESSIONID");
/* if parameter JSESSIONID is received, means that user isvisiting the site for the first time.
*/
if (sID == null)
{
// make a unique string
sID = makeUniqueString();
// creating a HashMap where books selected by the
// user will be stored
sessionInfo = new HashMap();
// add the user's HashMap (sessionInfo) into the
// globalMap against unique string i.e. sID
globalMap.put(sID, sessionInfo);
}else {
// if parameter "JSESSIONID" has some value
// retrieve a HashMap from the globalMap against
236
img
Web Design & Development ­ CS506
VU
// sID i.e. unique string which is your sessionID
sessionInfo = (HashMap)globalMap.get(sID);
}
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = response.getWriter();
out.println("<html>");
out.println("<head>");
out.println("<title>Shopping Cart Example</title>");
out.println("</head>");
out.println("<body>");
out.println("<h1>Online Book Store</h1>");
// Making three URLS by using query string mechanism// The attributes/parameters are JSSESSIONID and
book name (like// firstCB) along with values sID and book name respectively
String firsturl ="http://localhost:8084/urlbookstore/urlrewriteservlet?JSESSIONID="
+ sID + "&firstCB=firstCB";
String secondurl ="http://localhost:8084/urlbookstore/urlrewriteservlet?JSESSIONID="
+ sID + "&secondCB=secondCB";
out.println("<h3><a href=" + firsturl + ">" + " java core servlts </a> </h3>"
+"<br>"+
"<h3><a href=" + secondurl + ">" +
" java how to program </a> </h3>" +
"<br>"+
);
out.println("<br/>");
out.println("<h1>You have selected following books</h1>");
out.println("<br/>");
//retrieving params that are emebded in URLs
String fBook = request.getParameter("firstCB");String sBook =
request.getParameter("secondCB");
// if first book is selected then add it to
// user's HashMap i.e. sessionInfo
if ( fBook != null && fBook.equals("firstCB") ) {
sessionInfo.put("firstCB", "java core servlets");
}
// if second book is selected then add it to
// user's HashMap i.e. sessionInfo
if (sBook != null && sBook.equals("secondCB")){
sessionInfo.put("secondCB", "java how to program");
}
// used to display the books currently stored in
// the user's HashMap i.e. sessionInfo
237
img
Web Design & Development ­ CS506
VU
printSessionInfo(out, sessionInfo);
out.println("</body>");
out.println("</html>");
out.close();
} // end processRequest()
// method used to generate a unique string
public String makeUniqueString(){return "ABC" +
S_ID++;}
// returns a reference global HashMap.
public static HashMap findTableStoringSessions(){return
globalMap;}
// used to print the books currently stored in// user's HashMap. i.e. sessionInfo
public void printSessionInfo(PrintWriter out,HashMap sessionInfo){ String title = "";
title= (String)sessionInfo.get("firstCB");
if (title != null){
out.println("<h3> "+ title +"</h3>");
}
title= (String)sessionInfo.get("secondCB");
if (title != null){
out.println("<h3> "+ title +"</h3>");
}
} // end URLRewriteServlet
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app>
<servlet> <servlet-name> URLRewriteServlet </servlet-name><servlet-class> URLRewriteServlet
</servlet-class>
</servlet>
<servlet-mapping><servlet-name> URLRewriteServlet </servlet-name><url-pattern>
/urlrewriteservlet </url-pattern>
</servlet-mapping>
</web-app>
Hidden Form
Fields
HTML  forms
can  have  an
element
that
looks like the
following:
<INPUT
TYPE="HIDDEN" NAME="sessionid" VALUE="123" />
238
img
Web Design & Development ­ CS506
VU
Hidden Forms Fields do not affect the appearance of HTML page. They actually contain the information
that is needed to send to the server. Thus, hidden fields can also be used to store information (like
sessionid) in order to maintain session.
In the above figure you can see the use of Hidden form fields for storing particular information.
Java Solution for Session Tracking
Java provides an excellent solution to all the problems that occurred in tracking a session. The Servlet API
provides several methods and classes specifically designed to handle session tracking. In other words,
servlets have built in session tracking.
Sessions are represented by an HttpSession object. HttpSession tacking API built on top of URL rewriting
and cookies. All cookies and URL rewriting mechanism is hidden and most application server uses cookies
but automatically revert to URL rewriting when cookies are unsupported or explicitly disabled. Using
HttpSessionAPI in servlets is straightforward and involves looking up the session object associated with the
current request, creating new session object when necessary, looking up information associated with a
session, storing information in a session, and discarding completed or abandoned sessions.
Working with HttpSession
Let's have a look on HttpSession working step by step.
1. Getting the user's session object
To get the user's session object, we call the getSession() method of HttpServeltRequestthat returns the
object of HttpSession
HttpSession sess = request.getSession(true);
If true is passed to the getSession() method, this method returns the current session associated with this
request, or, if the request does not have a session, it creates a new one. We can confirm whether this
session object (sess) is newly created or returned by using isNew() method of HttpSession. In case of
passing false, null is returned if the session doesn't exist.
2. Storing information in a Session
To store information in Session object (sess), we use setAttribute() method of HttpSession class.
Session object works like a HashMap, so it is able to store any java object against key. So you can store
number of keys and their values in pair form. For example,
sess.setAttribute("sessionid", "123");
3. Looking up information associated with a Session
To retrieve back the stored information from session object, getAttribute()method of HttpSession class
is used. For example,
String sid=(String)sess.getAttribute("sessionid");
Note: -getAttribute() method returns Object type, so typecast is required.
4. Terminating a Session
After the amount of time, session gets terminated automatically. We can see its maximum activation
time by using getMaxInactiveInterval() method of HttpSession class. However, we can also terminate
any existing session manually. For this, we need to call invalidate() method of HttpSessionclass as
shown below.
sess.invalidate()
Example Code: Showing Session Information
To understand HttpSession API properly we need to have a look on an example. In this example, we will
get the session object and check whether it is a new user or not. If the user is visiting for the first time, we
will print "Welcome" and if we find the old one, we'll print "Welcome Back". Moreover, we will print the
session information and count the number of accesses for every user
import java.io.*;
239
img
Web Design & Development ­ CS506
VU
import java.net.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class ShowSessionServlet extends HttpServlet {
// Handles the HTTP <code>GET</code> method.
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
processRequest(request, response);
}
// Handles the HTTP <code>POST</code> method.
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
processRequest(request, response);
}
// called from both doGet() & doPost()
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
// used for displaying message (like Welcomem, Newcomer) to user
private String heading;
response.setContentType("text/html");
// Getting session object
HttpSession session = request.getSession(true);
/* Getting stored information using getAttribute() method */
Integer accessCount = (Integer)session.getAttribute("sessionCount");
/* If user comes for the first time, accessCount will be
assigned null, so we can guess easily that this a new user */
if (accessCount == null)
{
accessCount = new Integer(1);
heading = "Welcome, Newcomer";
} else
{
heading = "Welcome Back";
// Incrementing the value
accessCount = new Integer(accessCount.intValue() + 1);
}
/* Storing the new value of accessCount in the session using
setAttribute() method */
session.setAttribute("sessionCount", accessCount);
// Getting the PrintWriter
PrintWriter out = response.getWriter();
/*Generating HTML tags using PrintWriter to print session info
and no of times this user has accessed this page */
out.println("<HTML>" + " <BODY>" + " <h1>Session Tracking Example</h1>" +
" <H2>Information on Your Session:</H2>\n" +
240
img
Web Design & Development ­ CS506
VU
" <H3> Session ID: " + session.getId() + "</H3>" +
" <H3>Number of Previous Accesses: " + accessCount +
" </H3>" +
" </BODY>" +
" </HTML>"
);
//Closing the PrintWriter stream
out.close();
} // end processRequest
} // end ShowSessionServlet class
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app>
<servlet> <servlet-name> ShowSession </servlet-name><servlet-class> ShowSessionServlet </servlet-
class>
</servlet>
<servlet-mapping>
<servlet-name> ShowSession </servlet-name>
<url-pattern> /showsession </url-pattern>
</servlet-mapping>
</web-app>
HttpSession ­ Behind the scenes
When we call getSession() method, there is a lot going on behind the scenes. For every user, a unique
session ID is assigned automatically. As the server deals with lot of users at a time, this ID is used to
distinguish one user from another. Now here is the question, how this ID sends to the user? Answer is,
there are two options
Option 1: If the browser supports cookies, the Servlet will automatically creates a session cookie
and store the session ID within that cookie.
Option 2: If the first option fails because of browser that does not support cookies then the Servlet
will try to extract the session ID from the URL
Encoding URLs sent to Client
Servlet will automatically switch to URL rewriting when cookies are not supported or disabled by the
client. When Session Tracking is based on URL rewriting, it requires additional help from the Servlets. For
a Servlet to support session tracking via URL rewriting, it has to rewrite (encode) every local URL before
sending it to the client. Now see how this encoding works
HttpServletResponse provides two methods to perform encoding
String encodeURL(String URL)
String encodeRedirectURL(String URL)
If Cookies are disabled, both methods encode (rewrite) the specific URL to include the session ID and
returns the new URL. However, if cookies are enabled, the URL is returned unchanged.
241
img
Web Design & Development ­ CS506
VU
Difference between encodeURL() and encodeRedirectURL()
encodeURL() is used for URLs that are embedded in the webpage, that the servlet generates. For example,
String URL = "/servlet/sessiontracker";
String eURL = response.encodeURL(URL);
out.println("<A HREF=\" " + eURL + "\ "> ...... </A>");
Whereas encodeRedirectURL() is used for URLs that refers yours site is in sendRedirect() call. For
example,
String URL = "/servlet/sessiontracker";
String eURL = response.encodeRedirectURL(URL);
Response.sendRedirect(eURL);
Example Code: OnlineBookStore using HttpSession
This book store is modified version of last one, which is built using URL rewriting mechanism. Here,
HttpSession will be used to maintain session.
ShoppingCartServlet.java
import java.io.*;import java.net.*;import
javax.servlet.*;import javax.servlet.http.*;
public class ShoppingCartServlet extends HttpServlet {
// Handles the HTTP GET method.
protected void doGet(HttpServletRequest request,
HttpServletResponse response)throws ServletException, IOException{
processRequest(request, response);
}
// Handles the HTTP <code>POST</code> method.
protected void doPost(HttpServletRequest request,
HttpServletResponse response)throws ServletException, IOException{
processRequest(request, response);
}
// called from both doGet() & doPost()protected void
processRequest(HttpServletRequest request,HttpServletResponse response)throws
ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
HttpSession session = request.getSession(true);
PrintWriter out = response.getWriter();
out.println("<html>");
out.println("<head>");
out.println("<title>Shopping Cart Example</title>");
out.println("</head>");
out.println("<body>");
out.println("<h1>Online Book Store</h1>");
// First URL built using query string, representing first book
String firstURL ="http://localhost:8084/urlrewritebookstore/shoppingcart?book=first"
242
img
Web Design & Development ­ CS506
VU
// Second URL built using query string, representing second book// Note that parameter name is still book,
so that later we need // to read only this parameter
String secondURL ="http://localhost:8084/urlrewritebookstore/shoppingcart?book=second"
// Encoding URLs
String eURL1 = response.encodeURL( firstURL );String eURL2 =
response.encodeURL( secondURL );
out.println("<h3><a href=" + eURL1 + ">" + " java core servlets </a> </h3>" +"<br>"+
"<h3><a href=" + eURL2 + ">" +
" java How to Program </a> </h3>"
);
out.println("<br/>");
out.println("<h1>You have selected following books</h1>");
out.println("<br/>");
//retrieving params that are emebded in URLs
String fBook = request.getParameter("firstCB");String sBook =
request.getParameter("secondCB");
out.println("<br/>");
out.println("<h1>You have selected following books</h1>");
out.println("<br/>");
//retrieving param that is embedded into URL
String book = request.getParameter("book");
if (book != null){
// if firstURL, value of first hyperlink is clicked// then storing the book into session object against
fBook
if (book.equals("first")){session.setAttribute("fBook", "java core
servlets");}
// if secondURL, value of second hyperlink is clicked// then storing the book into session object
against sBook
else if(book.equals("second")){session.setAttribute("sBook", "java how
to program");}
}//outer if ends
// used to display the books currently stored in
// the HttpSession object i.e. session
printSessionInfo(out, session);
out.println("</body>");
out.println("</html>");
out.close();
} // end processRequest()
// used to display values stored in HttpSession object
public void printSessionInfo(PrintWriter out,HttpSession session){ String title = "";
// reading value against key fBook from session,// if exist displays it
title= (String)session.getAttribute("fBook");
if (title != null){
out.println("<h3> "+ title +"</h3>");
}
// reading value against key sBook from session,// if exist displays it
title= (String)session.getAttribute("sBook");
243
img
Web Design & Development ­ CS506
VU
if (title != null){
out.println("<h3> "+ title +"</h3>");
}
} // end printSessionInfo
} // end ShoppingCartServlet
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app>
<servlet> <servlet-name> ShoppingCartServlet </servlet-name>
<servlet-class> ShoppingCartServlet </servlet-class>
</servlet>
<servlet-mapping><servlet-name> ShoppingCartServlet </servlet-name>
<url-pattern> /shoppingcart </url-pattern>
</servlet-mapping>
</web-app>
Some Methods of HttpSession
Now let's explore some methods of HttpSessionclass
. setAttribute(String, Object)
This method associates a value with a name.
. getAttribute(String)
Extracts previously stored value from a session object. It returns nullif no value is associated with
the given name
. removeAttribute(String)
This method removes values associated with the name
. getId( )
This method returns the unique identifier of this session
. getCreationTime( )
This method returns time at which session was first created
. getMaxInactiveInterval( ) , setMaxInactiveInterval(int)
To get or set the amount of time session should go without access before being invalidated.
References:
Java A Lab Course by Umair Javed
Core Servlets and JSP by Marty Hall
Stanford Course ­ Internet Technologies
Java Tutorial on Servlets
http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Servlets11.html
Java API documentation
244