Session Tracking 2 Lec 32 Last Lecture Review

  • Slides: 23
Session Tracking - 2 Lec 32


Last Lecture Review
• Session Tracking – why?
• Need to store state – typical solutions
  - Cookies – already learned
  - URL Rewriting
  - Hidden Form Fields

Session Tracking (diagram; credit: CS193i at Stanford)
• Request arrives at the servlet container: Session ID = 123XYZ, Amazon shopping cart sc [item1=324]
• Response: Set-Cookie: sid=123XYZ
• Request: Set-Cookie: sid=123XYZ; servlet container: Session ID = 123XYZ, Amazon shopping cart sc [item1=324]
• Request: Set-Cookie: sid=123XYZ; servlet container: Session ID = 123XYZ, Amazon shopping cart sc [item1=324 item2=115]

URL Rewriting

• We can pass extra information to the client by rewriting URLs (appending info to the URL)
• The extra information can be in the form of
  - Extra path information,
  - Added parameters, or
  - Some custom, server-specific URL change
• Due to the limited space available in rewriting a URL, the extra information is usually limited to a unique session ID

URL Rewriting: Examples
• For example, the following URLs have been rewritten to pass the session id 123
  - Original: http://server:port/servlet/rewrite
  - Extra path information: http://server:port/servlet/rewrite/123
  - Added parameter: http://server:port/servlet/rewrite?id=123
  - Custom change: http://server:port/servlet/rewrite;$id$123

URL Rewriting: Disadvantages
• What if the user bookmarks the page?
• Every URL on a page which needs the session information must be rewritten each time the page is served
  - Computationally expensive
  - Can increase communication overhead
• State stored in URLs is not persistent
• Limits the client's interaction with the server to HTTP GET requests

Hidden Form Fields

• <input type="hidden" name="sessionid" value="123">

Java's Solution for Session Tracking: HttpSession API

Using HttpSession
1. To get the user's session object
   - Call the getSession() method of the HttpServletRequest class
   - Pass false to the getSession() method:
       HttpSession ses = request.getSession(false);
   - If no current session exists:
     • You will get a null object

Using HttpSession cont.
1. To get the user's session object (cont.)
   - If true is passed to the getSession() method, then
     • If the user already has a session, the existing session is returned
     • If no session exists, a new one is created and returned
   - For example:
       HttpSession ses = request.getSession(true);

Using HttpSession cont.
2. Storing information in a session
   - Session objects work like a HashMap
     • A HashMap is able to store any type of Java object
   - You can therefore store any number of keys and their values
   - For example (first argument is the key, second is the value):
       ses.setAttribute("id", "123");

Using HttpSession cont.
3. Looking up information associated with a session
       String sID = (String) ses.getAttribute("id");
   - getAttribute() returns an Object type, so you will need to perform a type cast

Using HttpSession cont.
4. Terminating session
   - Automatic
     • After the set amount of time, the session gets terminated automatically (getMaxInactiveInterval())
   - Manual
       ses.invalidate();

Example Code Showing Session Information


Encoding URLs Sent to Client
• HttpServletResponse provides two methods to perform encoding
  1. String encodeURL(String URL)
  2. String encodeRedirectURL(String URL)
• If cookies are disabled
  - Both methods encode (rewrite) the specified URL to include the session ID and return the new URL
• If cookies are enabled
  - Both methods return the URL unchanged

Encoding URLs Sent to Client cont.
1. String encodeURL(String URL)
   - For example:
       String URL = "/servlet/sessiontracker";
       String eURL = response.encodeURL(URL);
       out.println("<A HREF=\"" + eURL + "\">...</A>");

Encoding URLs Sent to Client cont.
2. String encodeRedirectURL(String URL)
   - For example:
       String URL = "/servlet/sessiontracker";
       String eURL = response.encodeRedirectURL(URL);
       response.sendRedirect(eURL);
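
The four HttpSession steps and encodeURL() from the slides above, combined in one servlet as an added example (not code from the original lecture). The class name CartServlet, the /cart mapping, the "cart" attribute key, the request parameters, the 15-minute timeout and the javax.servlet namespace are assumptions.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.*;

// Hypothetical servlet: class name, "cart" key and parameters are assumptions.
public class CartServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();

        // Step 4 (manual termination): look up, but never create, a session.
        if ("logout".equals(request.getParameter("action"))) {
            HttpSession old = request.getSession(false); // null if none exists
            if (old != null) {
                old.invalidate();
            }
            out.println("<p>Session ended.</p>");
            return;
        }

        // Step 1: return the existing session or create a new one.
        HttpSession ses = request.getSession(true);
        if (ses.isNew()) {
            ses.setMaxInactiveInterval(15 * 60); // automatic timeout, seconds
        }

        // Step 3: getAttribute returns Object, so a cast is needed.
        @SuppressWarnings("unchecked")
        List<String> cart = (List<String>) ses.getAttribute("cart");
        if (cart == null) {
            cart = new ArrayList<>();
        }
        String item = request.getParameter("item");
        if (item != null && item.matches("[0-9]{1,9}")) { // numeric ids only
            cart.add(item);
        }
        // Step 2: store the updated cart under its key.
        ses.setAttribute("cart", cart);

        out.println("<p>Items in cart: " + cart + "</p>");
        // Adds the session ID to the link only when cookies are not in use.
        String url = response.encodeURL(request.getContextPath() + "/cart?action=logout");
        out.println("<a href=\"" + url + "\">End session</a>");
    }
}
```

Only numeric item ids are stored, so the cart can be written into the page without further escaping; the session ID itself is never written into the page unless encodeURL() has to fall back to URL rewriting.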

Example Code Online Book Store
