04 – Passing Data between pages: Forms, Sessions, & Query Strings
Mark Dixon

Session Aims & Objectives
• Aims
  – To introduce the fundamental ideas involved in passing data between pages
• Objectives, by end of this week’s sessions, you should be able to:
  – pass data between pages, using:
    • Self Posting
    • Query Strings
    • Session Variables
    • Cookies

Example: Logon v 2 (design)
• Restrict access to home page

Example: Logon v 2 (code)

Logon.jsp
```jsp
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%
    String un;
    String pw;
    String msg = "";
    // Only check the details when the Logon button was pressed (self-posting form)
    if (request.getParameter("btnLogon") != null){
        un = request.getParameter("txtUserName");
        pw = request.getParameter("txtPassWord");
        if (un.equals("mark") && pw.equals("soft234")){
            response.sendRedirect("Home.html");
        }else{
            msg = "Login details incorrect.";
        }
    }
%>
<!DOCTYPE html>
<html>
<head><title></title></head>
<body>
<form>
Please logon:
<input name="txtUserName" type="text" />
<input name="txtPassWord" type="text" />
<input name="btnLogon" type="submit" value="Logon" />
<p><%=msg%></p>
</form>
</body>
</html>
```

Home.html
```html
<html>
<head><title>My Home page</title></head>
<body>
<p>Welcome to my home page. <img src="YouAreHere.jpg" /></p>
</body>
</html>
```

Example: Logon (Fixed Problem)
• View Source
  – shows client-side script: No server-side code

Example: Logon (Problem 2)
• User can type home page url (address) directly (bypassing logon page)

Solution
• Need way for:
  – password page to tell home page
  – that user logged in OK

Technique: Dead-Drop Variables
• 2 Spies wish to pass message between each other without actually meeting
• Arrange a dead-drop location
  – one spy leaves message at location
  – other spy visits location later to pick up message
• Variables used as dead-drop containers

Example: Logon v 3 (code)

Logon3.jsp
```jsp
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%
    String un;
    String pw;
    String msg = "";
    Boolean LogonOK;
    LogonOK = false;
    if (request.getParameter("btnLogon") != null){
        un = request.getParameter("txtUserName");
        pw = request.getParameter("txtPassWord");
        if (un.equals("mark") && pw.equals("soft234")){
            LogonOK = true;   // local to this page only
            response.sendRedirect("Home3.jsp");
        }else{
            msg = "Login details incorrect.";
        }
    }
%>
<!DOCTYPE html>
<html>
<head><title></title></head>
<body>
<form>
Please logon:
<input name="txtUserName" type="text" />
<input name="txtPassWord" type="text" />
<input name="btnLogon" type="submit" value="Logon" />
<p><%=msg%></p>
</form>
</body>
</html>
```

(diagram: LogonOK = True)

Home3.jsp
```jsp
<%@page contentType="text/html" %>
<%
    Boolean LogonOK;          // a new variable: not the one set in Logon3.jsp
    if (LogonOK == false){
        response.sendRedirect("Logon3.jsp");
    }
%>
<!DOCTYPE html>
<html>
<head><title>My Home page</title></head>
<body>
<p>Welcome to my home page. <img src="YouAreHere.jpg" /></p>
</body>
</html>
```

Does not work: variables do not persist between pages

Example: Logon v 3 (Error)
• Variables
  – don't persist between pages

Passing Data (temporary)
• Session object
  – used to pass information between pages:
        session.setAttribute("Thing", 91);     (Put 91 into Thing)
  – exists for current session
  – persists between pages
  – clears if user closes browser
  – clears after 20 mins of inactivity
  – no need for declaration

Maintaining State: Session Object

Send.jsp
```jsp
<%@page contentType="text/html" %>
<%
    if (request.getParameter("btnSend") != null){
        // store the message in the session variable MSG
        session.setAttribute("MSG", "Meet in BGB 202");
    }else if (request.getParameter("btnClear") != null){
        // delete all session variables
        session.invalidate();
    }
%>
<!DOCTYPE html>
<html>
<head><title>JSP Page</title></head>
<body>
<form>
<input name="btnSend" type="submit" value="Send" />
<input name="btnClear" type="submit" value="Clear" />
<p><a href="Display.jsp">Display</a></p>
</form>
</body>
</html>
```
• Session variable
  – all objects
  – no declaration
• invalidate method
  – deletes all session variables

Maintaining State: Session Object

Display.jsp
```jsp
<%@page contentType="text/html" %>
<%
    String s = "";
    // getAttribute returns null when MSG has not been set (or was cleared)
    if (session.getAttribute("MSG") != null){
        s = session.getAttribute("MSG").toString();
    }
%>
<!DOCTYPE html>
<html>
<head><title>JSP Page</title></head>
<body>
<p>Message: <%=s%></p>
</body>
</html>
```
• read session variable, and
• display

Example: Message
• Using Session variable: Send.jsp and Display.jsp (code as on the previous two slides)
• (diagram: session variable MSG holding "Meet in BGB 202", written by Send.jsp and read by Display.jsp)

Questions: Session Variables
• Write a line of code to put the number 74 into a session variable called id.
        session.setAttribute("id", 74);
• Write code that puts 'Hello' into a variable called msg if the session variable called id is equal to 74
        if (session.getAttribute("id") == 74){
            msg = "Hello";
        }

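The logon example with the session object as the dead-drop, as an added example (not code from the original lecture): Logon3.jsp records a successful logon in a session variable and Home3.jsp checks it, so typing the home page address directly no longer bypasses the logon. The two files are shown in one listing; `method="post"`, `type="password"`, the `return` after each redirect and `request.changeSessionId()` (Servlet 3.1+) are additions beyond what the slides describe, and the user name and password are the lecture's sample values.

```jsp
<%-- ===== Logon3.jsp (added example) ===== --%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%
    String msg = "";
    if (request.getParameter("btnLogon") != null) {
        String un = request.getParameter("txtUserName");
        String pw = request.getParameter("txtPassWord");
        // Constant-first equals() is null-safe if a field is missing.
        if ("mark".equals(un) && "soft234".equals(pw)) {
            // Give the session a new id at logon, so an id handed out
            // before the logon is not carried over (Servlet 3.1+).
            request.changeSessionId();
            session.setAttribute("LogonOK", Boolean.TRUE);
            response.sendRedirect("Home3.jsp");
            return; // stop processing this page after the redirect
        }
        msg = "Login details incorrect.";
    }
%>
<!DOCTYPE html>
<html>
<head><title>Logon</title></head>
<body>
<%-- method="post" keeps the password out of the query string --%>
<form method="post">
Please logon:
<input name="txtUserName" type="text" />
<input name="txtPassWord" type="password" />
<input name="btnLogon" type="submit" value="Logon" />
<p><%=msg%></p>
</form>
</body>
</html>
<%-- ===== Home3.jsp (added example) ===== --%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%
    // The session variable is held on the server; the browser cannot set it.
    if (!Boolean.TRUE.equals(session.getAttribute("LogonOK"))) {
        response.sendRedirect("Logon3.jsp");
        return; // without this the rest of the page would still be executed
    }
%>
<!DOCTYPE html>
<html>
<head><title>My Home page</title></head>
<body>
<p>Welcome to my home page. <img src="YouAreHere.jpg" /></p>
</body>
</html>
```
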
Passing Data (temporary)
• Query Strings
  – Useful for passing information between pages via links

Maintaining State: Query Strings
• Data added to end of URL (address):
        page.jsp?Surname=Bob        (Surname=Bob is the Query String)
• JSP code can use this data:
  – request.getParameter("Surname")
    • would return the value "Bob"
• Form method=get
  – data automatically added to query string

Example: Date-Time

Menu.jsp
```jsp
<html>
<head>
</head>
<body>
<p>What background colour do you want for your date information?
<a href="DateTime.jsp?Colour=yellow">Yellow</a>
<a href="DateTime.jsp?Colour=cyan">Light Blue</a>
</body>
</html>
```

DateTime.jsp
```jsp
<%@page contentType="text/html" %>
<%@page import="java.util.Date" %>
<!DOCTYPE html>
<html>
<head><title></title></head>
<%-- the Colour value is read straight from the query string --%>
<body bgcolor="<%=request.getParameter("Colour")%>">
<p>The date is <%=new Date()%>.
</body>
</html>
```

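The query string is part of the address, which the user can type or edit directly (as in Logon Problem 2), so DateTime.jsp should check Colour before writing it into the page. The version below is an added example, not code from the lecture; the helper name `checkColour`, the fallback colour "white" and the decision to also accept `#rrggbb` values are assumptions.

```jsp
<%-- DateTime.jsp (added example): check Colour before it reaches the page --%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@page import="java.util.Arrays, java.util.Date, java.util.List, java.util.Locale" %>
<%!
    // Colours that Menu.jsp links to; extend this list when a choice is added.
    private static final List<String> NAMED = Arrays.asList("yellow", "cyan");
    private static final String DEFAULT_COLOUR = "white"; // assumed fallback

    // Returns a value that is safe to place in the bgcolor attribute:
    // a listed name, a #rrggbb hex colour, or the default.
    private static String checkColour(String raw) {
        if (raw == null) {
            return DEFAULT_COLOUR;          // page opened without ?Colour=
        }
        String c = raw.trim().toLowerCase(Locale.ROOT);
        // String.matches() tests the whole string, not a substring.
        if (NAMED.contains(c) || c.matches("#[0-9a-f]{6}")) {
            return c;
        }
        return DEFAULT_COLOUR;              // anything else is ignored
    }
%>
<%
    String colour = checkColour(request.getParameter("Colour"));
%>
<!DOCTYPE html>
<html>
<head><title>Date and time</title></head>
<body bgcolor="<%=colour%>">
<p>The date is <%=new Date()%>.</p>
</body>
</html>
```
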
Cookies: What
• store small textual data
• on user's (client) computer
  – Actual location varies with platform (Windows, Linux, etc.)
        C:\Documents and Settings\UserName\Local Settings\Temporary Internet Files
  – e.g. (from www.amazon.co.uk)
        session-id-time 2082758401 l amazon.co.uk/ 1536 2679150208 31961202 4219423488 30182897

Cookies: Parts
• has 6 parts:
  – Name
  – Value
  – Domain
  – Path
  – Expiration
  – Security flag
• Name and Value are required
  – others have default values

Cookies: Creating
1. create cookie object
2. Constructor takes 2 parameters:
   1. name and value (both Strings)
3. add cookie to response
```java
Cookie c;
c = new Cookie("X", "23");
response.addCookie(c);
```
• Note: any number of cookies can be created and added; cookies with same name are replaced

Cookies: Reading
1. get cookies using request.getCookies
   1. cookies are in an array
2. process the cookies:
   1. use loop
   2. getName returns name
   3. getValue returns value
```java
Cookie[] cookies;
cookies = request.getCookies();
// getCookies() returns null when the browser sent no cookies
if (cookies != null){
    for(int i=0; i<cookies.length; i++){
        // cookies[i].getName()
        // cookies[i].getValue()
    }
}
```

Cookies: Disadvantages
• browsers don’t always accept cookies
  – most modern browsers support cookies
  – still a few people using very old browsers
• often the user turns cookies off!
  – a user concerned with what the server is doing with information about them will probably turn cookies off
• can be used to transfer sensitive information in clear text
• NOT a serious security threat (no viruses)

Example: Message 2 (cookies)

(diagram: MSG | Meet in BGB 202)

Send.jsp
```jsp
<%@page contentType="text/html" %>
<%
    Cookie c;
    if (request.getParameter("btnSend") != null){
        c = new Cookie("MSG", "Meet in SMB 109");
        c.setMaxAge(3600);    // 1 hour (60 * 60)
        response.addCookie(c);
    }else if (request.getParameter("btnClear") != null){
        c = new Cookie("MSG", null);
        c.setMaxAge(0);       // delete cookie.
        response.addCookie(c);
    }
%>
<!DOCTYPE html>
<html>
<head><title>JSP Page</title></head>
<body>
<form>
<input name="btnSend" type="submit" value="Send" />
<input name="btnClear" type="submit" value="Clear" />
<p><a href="DisplayCookie.jsp">Display</a></p>
</form>
</body>
</html>
```

Display.jsp
```jsp
<%@page contentType="text/html" %>
<%
    Cookie[] cookies;
    int i;
    String s = "";
    cookies = request.getCookies();
    // getCookies() returns null when the browser sent no cookies
    if (cookies != null){
        for(i=0; i<cookies.length; i++){
            if (cookies[i].getName().equals("MSG")){
                s += cookies[i].getValue() + "<br />";
            }
        }
    }
%>
<!DOCTYPE html>
<html>
<head><title>JSP Page</title></head>
<body>
<p>Message: <%=s%></p>
</body>
</html>
```

Example: Message 2 (add cookies)

Send.jsp (cookie code highlighted on the slide):
```jsp
<%
    Cookie c;
    if (request.getParameter("btnSend") != null){
        c = new Cookie("MSG", "Meet in SMB 109");
        c.setMaxAge(3600);    // 1 hour (60 * 60)
        response.addCookie(c);
    }else if (request.getParameter("btnClear") != null){
        c = new Cookie("MSG", null);
        c.setMaxAge(0);       // delete cookie.
        response.addCookie(c);
    }
%>
```

Example: Message 2 (get cookies)

Display.jsp (cookie code highlighted on the slide):
```jsp
<%
    Cookie[] cookies;
    int i;
    String s = "";
    cookies = request.getCookies();
    if (cookies != null){
        for(i=0; i<cookies.length; i++){
            if (cookies[i].getName().equals("MSG")){
                s += cookies[i].getValue() + "<br />";
            }
        }
    }
%>
```

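The cookie version of the message example with the remaining cookie parts set, as an added example (not code from the original lecture). It URL-encodes the value because a space is not a legal character in a cookie value and some containers reject it, sets Path, the Security flag and HttpOnly (Servlet 3.0+), and escapes the value on display because the cookie is stored on the client and can be changed there; the helper `esc` and the Path choice are assumptions.

```jsp
<%-- ===== Send.jsp (added example) ===== --%>
<%@page contentType="text/html" pageEncoding="UTF-8" import="java.net.URLEncoder" %>
<%
    String path = request.getContextPath() + "/";   // Path: this application only
    if (request.getParameter("btnSend") != null) {
        // Encode the value: a space is not a legal character in a cookie value.
        Cookie c = new Cookie("MSG", URLEncoder.encode("Meet in SMB 109", "UTF-8"));
        c.setMaxAge(3600);                 // Expiration: 1 hour
        c.setPath(path);
        c.setSecure(request.isSecure());   // Security flag: set when served over HTTPS
        c.setHttpOnly(true);               // hidden from page script (Servlet 3.0+)
        response.addCookie(c);
    } else if (request.getParameter("btnClear") != null) {
        Cookie c = new Cookie("MSG", "");
        c.setMaxAge(0);                    // delete cookie
        c.setPath(path);                   // must match the Path used when it was set
        response.addCookie(c);
    }
%>
<form method="post">
<input name="btnSend" type="submit" value="Send" />
<input name="btnClear" type="submit" value="Clear" />
</form>
<%-- ===== Display.jsp (added example) ===== --%>
<%@page contentType="text/html" pageEncoding="UTF-8" import="java.net.URLDecoder" %>
<%!
    // Minimal HTML escaping for text written between tags.
    private static String esc(String t) {
        return t.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }
%>
<%
    String s = "";
    Cookie[] cookies = request.getCookies();   // null when the browser sent none
    if (cookies != null) {
        for (Cookie ck : cookies) {
            if (ck.getName().equals("MSG")) {
                try {
                    // Client-editable value: decode, then escape before output.
                    s += esc(URLDecoder.decode(ck.getValue(), "UTF-8")) + "<br />";
                } catch (IllegalArgumentException e) {
                    // malformed %-sequence: skip this cookie
                }
            }
        }
    }
%>
<p>Message: <%=s%></p>
```
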
Reference: Server Object Model
• request object: calling web page
  – getParameter: used to get form and query-string data from page
  – getCookies: used to get cookie data from page
• response object: web page sent back
  – sendRedirect: used to navigate to other page
• session object: store data between pages
  – setAttribute: stores data
  – getAttribute: gets data
  – invalidate: clears session data

Passing Data (persistent)
• Cookies
  – stored on users’ (client) hard drive
  – persists between sessions
  – can be viewed by client
  – sent over http
• Database/file (covered in later lectures)
  – stored on server hard drive
  – persists between sessions
  – cannot be accessed directly by client

Tutorial Exercise: Message
• LEARNING OBJECTIVE: pass data between pages using session variables, and (form) self-posting
• Task 1: Get the message example working (from the lecture)
• Task 2: Change the send.jsp page so that when you click the buttons it gives some feedback as to what has happened.

Tutorial Exercise: Logon
• LEARNING OBJECTIVE: pass data between pages using session variables, and (form) self-posting
• Task 1: Type in the code for the Logon v 3 example (from the lecture)
  NOTE: this will not work properly (variables do not persist between pages)
• Task 2: Modify this to use a session variable to 'remember' whether the logon was successful.
  Note: It should not be possible to view the source code
  Note: It should not be possible to bypass the logon

Tutorial Exercise: Date
• LEARNING OBJECTIVE: pass data between pages using query strings
• Task 1: Get the Date-Time example (from the lecture) working
• Task 2: Modify your page to provide another choice of background colour.

Tutorial Exercise: Message 2
• LEARNING OBJECTIVE: pass data between pages using cookies
• Task 1: Get the message 2 example working (from the lecture)
• Task 2: Change the send.jsp page so that the user can change the text that is sent
  hint: add a text box

- Slides: 32