Web Design & Development CS506 VU
Lesson 32
Session Tracking 2

In the last handout we discussed the solutions for session tracking and talked about one important mechanism, cookies, in detail. We said cookies allow the server to store information on a client machine and later retrieve it. Now we will see two more mechanisms that let us maintain a session between a user's requests: URL Rewriting and Hidden Form Fields. After that we will discuss the session tracking API provided by Java.

URL Rewriting

URL rewriting provides another way for session tracking. With URL rewriting, the parameter that we want to pass back and forth between the server and client is appended to the URL. This appended information can be retrieved by parsing the URL. This information can be in the form of:
• Extra path information,
• Added parameters, or
• Some custom, server-specific URL change

Note: Due to the limited space available in rewriting a URL, the extra information is usually limited to a unique session ID.

The following URLs have been rewritten to pass the session ID 123:
• Original
  http://server:port/servlet/rewrite
• Extra path information
  http://server:port/servlet/rewrite/123
• Added parameters
  http://server:port/servlet/rewrite?id=123
• Custom change
  http://server:port/servlet/rewrite;$id$123

Disadvantages of URL rewriting

The following disadvantages of URL rewriting are considerable:
• What if the user bookmarks the page? The problem gets worse if the server is not assigning a unique session ID.
• Every URL on a page that needs the session information must be rewritten each time the page is served, which can
  o be computationally expensive
  o increase communication overhead
• Unlike cookies, state information stored in the URL is not persistent.
• This mechanism limits the client interaction with the server to HTTP GET requests.

Example Code: OnlineBookStore using URL Rewriting

This is the modified version of the online book store (selling two books only; however, you can add more on your own) that was built using cookies in the last handout. Another important difference is that books are displayed in the form of hyperlinks instead of check boxes. The URL rewriting mechanism is used to maintain session information.

How to make Query String

Before jumping to the example, one important technique needs to be learned, i.e. making a query string. If you have ever noticed, the URL of a servlet in a browser that is receiving some HTML form values also contains the HTML field names with the values entered/selected by the user.

Now, if you want to pass some attributes and values along with the URL, you can use the technique of the query string. Attribute names and values are written in pair form after the ?. For example, if you want to send the attribute "name" and its value "ali", the URL will look like

Original URL
  http://server:port/servletex/register
After adding parameters
  http://server:port/servletex/register?name=ali

If you want to add more than one parameter, all subsequent parameters are separated by the & sign. For example

Adding two parameters
  http://server:port/servletex/register?name=ali&address=gulberg

URLRewriteServlet.java

    import java.io.*;
    import java.net.*;
    import java.util.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class URLRewriteServlet extends HttpServlet {

        // used to generate a unique value which is
        // used as the session ID passed in the URL
        public static int S_ID = 1;

        // used to store HashMaps of individual users
        public static HashMap globalMap = new HashMap();

        // Handles the HTTP GET method.
        protected void doGet(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            processRequest(request, response);
        }

        // Handles the HTTP POST method.
        protected void doPost(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            processRequest(request, response);
        }

        // called from both doGet() & doPost()
        protected void processRequest(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {

            // declaring user's HashMap
            HashMap sessionInfo = null;

            // reading sessionId
            String sID = request.getParameter("JSESSIONID");

            /* if parameter JSESSIONID is not received, it means that
               the user is visiting the site for the first time. */
            if (sID == null) {
                // make a unique string
                sID = makeUniqueString();
                // creating a HashMap where books selected by the
                // user will be stored
                sessionInfo = new HashMap();
                // add the user's HashMap (sessionInfo) into the
                // globalMap against unique string i.e. sID
                globalMap.put(sID, sessionInfo);
            } else {
                // if parameter "JSESSIONID" has some value
                // retrieve a HashMap from the globalMap against
                // sID i.e. unique string which is your sessionID
                sessionInfo = (HashMap) globalMap.get(sID);
            }

            // an unknown JSESSIONID has no HashMap in globalMap; start a
            // fresh session instead of failing with a NullPointerException
            if (sessionInfo == null) {
                sID = makeUniqueString();
                sessionInfo = new HashMap();
                globalMap.put(sID, sessionInfo);
            }

            response.setContentType("text/html;charset=UTF-8");
            PrintWriter out = response.getWriter();
            out.println("<html>");
            out.println("<head>");
            out.println("<title>Shopping Cart Example</title>");
            out.println("</head>");
            out.println("<body>");
            out.println("<h1>Online Book Store</h1>");

            // Making two URLs by using query string mechanism
            // The attributes/parameters are JSESSIONID and book name (like
            // firstCB) along with values sID and book name respectively
            String firsturl =
                "http://localhost:8084/urlbookstore/urlrewriteservlet?JSESSIONID="
                + sID + "&firstCB=firstCB";
            String secondurl =
                "http://localhost:8084/urlbookstore/urlrewriteservlet?JSESSIONID="
                + sID + "&secondCB=secondCB";

            out.println("<h3><a href=" + firsturl + ">" + " java core servlets </a> </h3>"
                    + "<br>"
                    + "<h3><a href=" + secondurl + ">" + " java how to program </a> </h3>"
                    + "<br>");

            out.println("<br/>");
            out.println("<h1>You have selected following books</h1>");
            out.println("<br/>");

            // retrieving params that are embedded in URLs
            String fBook = request.getParameter("firstCB");
            String sBook = request.getParameter("secondCB");

            // if first book is selected then add it to
            // user's HashMap i.e. sessionInfo
            if (fBook != null && fBook.equals("firstCB")) {
                sessionInfo.put("firstCB", "java core servlets");
            }

            // if second book is selected then add it to
            // user's HashMap i.e. sessionInfo
            if (sBook != null && sBook.equals("secondCB")) {
                sessionInfo.put("secondCB", "java how to program");
            }

            // used to display the books currently stored in
            // the user's HashMap i.e. sessionInfo
            printSessionInfo(out, sessionInfo);
            out.println("</body>");
            out.println("</html>");
            out.close();
        } // end processRequest()

        // method used to generate a unique string
        public String makeUniqueString() {
            return "ABC" + S_ID++;
        }

        // returns a reference to the global HashMap.
        public static HashMap findTableStoringSessions() {
            return globalMap;
        }

        // used to print the books currently stored in
        // user's HashMap i.e. sessionInfo
        public void printSessionInfo(PrintWriter out, HashMap sessionInfo) {
            String title = "";
            title = (String) sessionInfo.get("firstCB");
            if (title != null) {
                out.println("<h3> " + title + "</h3>");
            }
            title = (String) sessionInfo.get("secondCB");
            if (title != null) {
                out.println("<h3> " + title + "</h3>");
            }
        } // end printSessionInfo
    } // end URLRewriteServlet

web.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app>
        <servlet>
            <servlet-name>URLRewriteServlet</servlet-name>
            <servlet-class>URLRewriteServlet</servlet-class>
        </servlet>
        <servlet-mapping>
            <servlet-name>URLRewriteServlet</servlet-name>
            <url-pattern>/urlrewriteservlet</url-pattern>
        </servlet-mapping>
    </web-app>
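
A session ID that travels in the URL is the only thing tying a request to a cart, so it has to be unguessable; the counter-based makeUniqueString() above is not. The class below is an added example, not part of the original handout: a replacement for globalMap and makeUniqueString() that draws IDs from SecureRandom, treats unknown or expired IDs as "no session", and tolerates concurrent requests. The class name SessionStore, its method names and the 30-minute idle timeout are assumptions.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example (hypothetical class, not from the handout): a session table
// keyed by unguessable IDs instead of "ABC" + counter.
public class SessionStore {

    private static final long TIMEOUT_MS = 30 * 60 * 1000L; // assumed idle timeout
    private static final SecureRandom RNG = new SecureRandom();

    // one entry per user: the cart plus the time of the last request
    private static final class Entry {
        final Map<String, String> cart = new ConcurrentHashMap<>();
        volatile long lastAccess = System.currentTimeMillis();
    }

    private final Map<String, Entry> sessions = new ConcurrentHashMap<>();

    // 128 random bits, URL-safe so the ID can travel in a query string
    static String newId() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Creates a session and returns its ID.
    public String create() {
        String id = newId();
        sessions.put(id, new Entry());
        return id;
    }

    // Returns the cart for a client-supplied ID, or null when the ID is
    // missing, unknown or idle for too long (the caller then calls create()).
    public Map<String, String> lookup(String id) {
        if (id == null) return null;
        Entry e = sessions.get(id);
        if (e == null) return null;
        long now = System.currentTimeMillis();
        if (now - e.lastAccess > TIMEOUT_MS) {
            sessions.remove(id);   // expired: discard the server-side state
            return null;
        }
        e.lastAccess = now;
        return e.cart;
    }

    public static void main(String[] args) {
        SessionStore store = new SessionStore();
        String id = store.create();
        store.lookup(id).put("firstCB", "java core servlets");
        System.out.println("issued ID  -> " + store.lookup(id));
        System.out.println("unknown ID -> " + store.lookup("ABC1"));
    }
}
```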

Hidden Form Fields

HTML forms can have an element that looks like the following:

    <INPUT TYPE="HIDDEN" NAME="sessionid" VALUE="123" />

Hidden form fields do not affect the appearance of the HTML page. They actually contain the information that needs to be sent to the server. Thus, hidden fields can also be used to store information (like sessionid) in order to maintain a session.

In the above figure you can see the use of hidden form fields for storing particular information.
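
The hidden-field round trip as a servlet, added here as an example that is not part of the original handout: every response carries the session ID in a hidden input and the next POST brings it back, where it is used only as a lookup key. The servlet name, the parameter names sessionid and book, and the use of a random UUID as the ID are assumptions.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.servlet.ServletException;
import javax.servlet.http.*;

// Added example (hypothetical servlet): session tracking with a hidden form field.
public class HiddenFieldServlet extends HttpServlet {

    // session ID -> books chosen so far
    private final Map<String, List<String>> carts = new ConcurrentHashMap<>();

    // escape text before writing it into HTML
    static String esc(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;")
                .replace(">", "&gt;").replace("\"", "&quot;");
    }

    protected void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        render(res, newSession());          // first visit: no hidden field yet
    }

    protected void doPost(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        String sid = req.getParameter("sessionid");   // value of the hidden field
        if (sid == null || !carts.containsKey(sid)) {
            sid = newSession();             // unknown ID: start over, never echo it
        }
        String book = req.getParameter("book");
        if (book != null && !book.trim().isEmpty()) {
            carts.get(sid).add(book.trim());
        }
        render(res, sid);
    }

    private String newSession() {
        String sid = UUID.randomUUID().toString();    // random (type 4) UUID
        carts.put(sid, new CopyOnWriteArrayList<String>());
        return sid;
    }

    private void render(HttpServletResponse res, String sid) throws IOException {
        res.setContentType("text/html;charset=UTF-8");
        PrintWriter out = res.getWriter();
        out.println("<html><body><h1>Online Book Store</h1>");
        out.println("<form method=\"POST\">");
        out.println("<input type=\"hidden\" name=\"sessionid\" value=\"" + esc(sid) + "\"/>");
        out.println("<input type=\"text\" name=\"book\"/> <input type=\"submit\" value=\"Add\"/>");
        out.println("</form><h3>Your books</h3><ul>");
        for (String b : carts.get(sid)) {
            out.println("<li>" + esc(b) + "</li>");
        }
        out.println("</ul></body></html>");
    }
}
```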

Java Solution for Session Tracking

Java provides an excellent solution to all the problems that occurred in tracking a session. The Servlet API provides several methods and classes specifically designed to handle session tracking. In other words, servlets have built-in session tracking.

Sessions are represented by an HttpSession object. The HttpSession tracking API is built on top of URL rewriting and cookies. All the cookie and URL rewriting mechanics are hidden; most application servers use cookies but automatically revert to URL rewriting when cookies are unsupported or explicitly disabled.

Using the HttpSession API in servlets is straightforward and involves looking up the session object associated with the current request, creating a new session object when necessary, looking up information associated with a session, storing information in a session, and discarding completed or abandoned sessions.

Working with HttpSession

Let's have a look at how HttpSession works, step by step.

1. Getting the user's session object

To get the user's session object, we call the getSession() method of HttpServletRequest, which returns an HttpSession object:

    HttpSession sess = request.getSession(true);

If true is passed to the getSession() method, this method returns the current session associated with this request, or, if the request does not have a session, it creates a new one. We can confirm whether this session object (sess) is newly created or returned by using the isNew() method of HttpSession. In case of passing false, null is returned if the session doesn't exist.

2. Storing information in a Session

To store information in the session object (sess), we use the setAttribute() method of the HttpSession class. The session object works like a HashMap, so it is able to store any Java object against a key. So you can store any number of keys and their values in pair form. For example,

    sess.setAttribute("sessionid", "123");

3. Looking up information associated with a Session

To retrieve the stored information from the session object, the getAttribute() method of the HttpSession class is used. For example,

    String sid = (String) sess.getAttribute("sessionid");

Note: The getAttribute() method returns Object type, so a typecast is required.

4. Terminating a Session

After a certain amount of time, the session gets terminated automatically. We can see its maximum activation time by using the getMaxInactiveInterval() method of the HttpSession class. However, we can also terminate any existing session manually. For this, we need to call the invalidate() method of the HttpSession class as shown below.

    sess.invalidate();
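
The four steps above applied to login and logout, as an added example that is not part of the original handout: after the credentials are accepted the session is given a fresh ID, so an ID handed out before authentication stops being valid, and logout invalidates the session on the server. It assumes a Servlet 3.1 container with a configured realm (login(), logout() and changeSessionId() are container calls); the servlet name, the parameters user, pass and action, and the 15-minute timeout are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.*;

// Added example (hypothetical servlet): the HttpSession steps in a login/logout flow.
// Assumes a Servlet 3.1 container whose realm checks the credentials.
public class LoginServlet extends HttpServlet {

    private static final int IDLE_SECONDS = 15 * 60;   // assumed idle timeout

    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/plain;charset=UTF-8");

        if ("logout".equals(request.getParameter("action"))) {
            // Step 4: look up without creating, then discard the server-side state
            HttpSession sess = request.getSession(false);
            if (sess != null) {
                sess.invalidate();
            }
            request.logout();
            response.getWriter().println("Logged out");
            return;
        }

        String user = request.getParameter("user");
        String pass = request.getParameter("pass");
        if (user == null || pass == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing credentials");
            return;
        }
        try {
            if (request.getUserPrincipal() != null) {
                request.logout();        // login() rejects an already-authenticated request
            }
            request.login(user, pass);   // the container checks the credentials
        } catch (ServletException e) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Login failed");
            return;
        }

        // Step 1: get (or create) the session, then replace its ID
        HttpSession sess = request.getSession(true);
        request.changeSessionId();
        sess.setMaxInactiveInterval(IDLE_SECONDS);

        // Step 2: store information against a key
        sess.setAttribute("user", user);

        // Step 3: read it back; getAttribute() returns Object, so cast
        String stored = (String) sess.getAttribute("user");
        response.getWriter().println("Welcome, " + stored
                + " (new session: " + sess.isNew() + ")");
    }
}
```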

Example Code: Showing Session Information

To understand the HttpSession API properly we need to have a look at an example. In this example, we will get the session object and check whether it is a new user or not. If the user is visiting for the first time, we will print "Welcome" and if we find the old one, we'll print "Welcome Back". Moreover, we will print the session information and count the number of accesses for every user.

    import java.io.*;
    import java.net.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class ShowSessionServlet extends HttpServlet {

        // Handles the HTTP GET method.
        protected void doGet(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            processRequest(request, response);
        }

        // Handles the HTTP POST method.
        protected void doPost(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            processRequest(request, response);
        }

        // called from both doGet() & doPost()
        protected void processRequest(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {

            // used for displaying message (like Welcome, Newcomer) to user
            String heading;
            response.setContentType("text/html");

            // Getting session object
            HttpSession session = request.getSession(true);

            /* Getting stored information using getAttribute() method */
            Integer accessCount = (Integer) session.getAttribute("sessionCount");

            /* If user comes for the first time, accessCount will be assigned
               null, so we can guess easily that this is a new user */
            if (accessCount == null) {
                accessCount = new Integer(1);
                heading = "Welcome, Newcomer";
            } else {
                heading = "Welcome Back";
                // Incrementing the value
                accessCount = new Integer(accessCount.intValue() + 1);
            }

            /* Storing the new value of accessCount in the session
               using setAttribute() method */
            session.setAttribute("sessionCount", accessCount);

            // Getting the PrintWriter
            PrintWriter out = response.getWriter();

            /* Generating HTML tags using PrintWriter to print the welcome
               message, session info and no of times this user has
               accessed this page */
            out.println("<HTML>"
                    + " <BODY>"
                    + " <h1>Session Tracking Example</h1>"
                    + " <H2>" + heading + "</H2>"
                    + " <H2>Information on Your Session:</H2>\n"
                    + " <H3> Session ID: " + session.getId() + "</H3>"
                    + " <H3>Number of Previous Accesses: " + accessCount + " </H3>"
                    + " </BODY>"
                    + " </HTML>");

            // Closing the PrintWriter stream
            out.close();
        } // end processRequest
    } // end ShowSessionServlet class

web.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app>
        <servlet>
            <servlet-name>ShowSession</servlet-name>
            <servlet-class>ShowSessionServlet</servlet-class>
        </servlet>
        <servlet-mapping>
            <servlet-name>ShowSession</servlet-name>
            <url-pattern>/showsession</url-pattern>
        </servlet-mapping>
    </web-app>

HttpSession Behind the scenes

When we call the getSession() method, there is a lot going on behind the scenes. For every user, a unique session ID is assigned automatically. As the server deals with a lot of users at a time, this ID is used to distinguish one user from another. Now here is the question: how is this ID sent to the user? The answer is, there are two options.

Option 1: If the browser supports cookies, the Servlet will automatically create a session cookie and store the session ID within that cookie.

Option 2: If the first option fails because the browser does not support cookies, then the Servlet will try to extract the session ID from the URL.

Encoding URLs sent to Client

The Servlet will automatically switch to URL rewriting when cookies are not supported or are disabled by the client. When session tracking is based on URL rewriting, it requires additional help from the Servlets. For a Servlet to support session tracking via URL rewriting, it has to rewrite (encode) every local URL before sending it to the client. Now see how this encoding works.

HttpServletResponse provides two methods to perform encoding:

    String encodeURL(String URL)
    String encodeRedirectURL(String URL)

If cookies are disabled, both methods encode (rewrite) the specific URL to include the session ID and return the new URL. However, if cookies are enabled, the URL is returned unchanged.

Difference between encodeURL() and encodeRedirectURL()

encodeURL() is used for URLs that are embedded in the webpage that the servlet generates. For example,

    String URL = "/servlet/sessiontracker";
    String eURL = response.encodeURL(URL);
    out.println("<A HREF=\"" + eURL + "\"> ...... </A>");

Whereas encodeRedirectURL() is used for URLs that refer to your site in a sendRedirect() call. For example,

    String URL = "/servlet/sessiontracker";
    String eURL = response.encodeRedirectURL(URL);
    response.sendRedirect(eURL);

Example Code: OnlineBookStore using HttpSession

This book store is a modified version of the last one, which was built using the URL rewriting mechanism. Here, HttpSession will be used to maintain the session.

ShoppingCartServlet.java

    import java.io.*;
    import java.net.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class ShoppingCartServlet extends HttpServlet {

        // Handles the HTTP GET method.
        protected void doGet(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            processRequest(request, response);
        }

        // Handles the HTTP POST method.
        protected void doPost(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            processRequest(request, response);
        }

        // called from both doGet() & doPost()
        protected void processRequest(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {

            response.setContentType("text/html;charset=UTF-8");
            HttpSession session = request.getSession(true);
            PrintWriter out = response.getWriter();
            out.println("<html>");
            out.println("<head>");
            out.println("<title>Shopping Cart Example</title>");
            out.println("</head>");
            out.println("<body>");
            out.println("<h1>Online Book Store</h1>");

            // First URL built using query string, representing first book
            String firstURL =
                "http://localhost:8084/urlrewritebookstore/shoppingcart?book=first";
            // Second URL built using query string, representing second book
            // Note that parameter name is still book, so that later we need
            // to read only this parameter
            String secondURL =
                "http://localhost:8084/urlrewritebookstore/shoppingcart?book=second";

            // Encoding URLs
            String eURL1 = response.encodeURL(firstURL);
            String eURL2 = response.encodeURL(secondURL);

            out.println("<h3><a href=" + eURL1 + ">" + " java core servlets </a> </h3>"
                    + "<br>"
                    + "<h3><a href=" + eURL2 + ">" + " java How to Program </a> </h3>");

            out.println("<br/>");
            out.println("<h1>You have selected following books</h1>");
            out.println("<br/>");

            // retrieving param that is embedded into URL
            String book = request.getParameter("book");
            if (book != null) {
                // if firstURL, value of first hyperlink is clicked
                // then storing the book into session object against fBook
                if (book.equals("first")) {
                    session.setAttribute("fBook", "java core servlets");
                }
                // if secondURL, value of second hyperlink is clicked
                // then storing the book into session object against sBook
                else if (book.equals("second")) {
                    session.setAttribute("sBook", "java how to program");
                }
            } // outer if ends

            // used to display the books currently stored in
            // the HttpSession object i.e. session
            printSessionInfo(out, session);
            out.println("</body>");
            out.println("</html>");
            out.close();
        } // end processRequest()

        // used to display values stored in HttpSession object
        public void printSessionInfo(PrintWriter out, HttpSession session) {
            String title = "";

            // reading value against key fBook from session,
            // if exist displays it
            title = (String) session.getAttribute("fBook");
            if (title != null) {
                out.println("<h3> " + title + "</h3>");
            }

            // reading value against key sBook from session,
            // if exist displays it
            title = (String) session.getAttribute("sBook");
            if (title != null) {
                out.println("<h3> " + title + "</h3>");
            }
        } // end printSessionInfo
    } // end ShoppingCartServlet

web.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app>
        <servlet>
            <servlet-name>ShoppingCartServlet</servlet-name>
            <servlet-class>ShoppingCartServlet</servlet-class>
        </servlet>
        <servlet-mapping>
            <servlet-name>ShoppingCartServlet</servlet-name>
            <url-pattern>/shoppingcart</url-pattern>
        </servlet-mapping>
    </web-app>

Some Methods of HttpSession

Now let's explore some methods of the HttpSession class:
• setAttribute(String, Object)
  This method associates a value with a name.
• getAttribute(String)
  Extracts a previously stored value from a session object. It returns null if no value is associated with the given name.
• removeAttribute(String)
  This method removes values associated with the name.
• getId()
  This method returns the unique identifier of this session.
• getCreationTime()
  This method returns the time at which the session was first created.
• getMaxInactiveInterval(), setMaxInactiveInterval(int)
  To get or set the amount of time a session should go without access before being invalidated.