
Web Programming and User Interface Design, Week 3

This document discusses solutions for maintaining user session state in web applications. It describes hidden fields, cookies, and server-side sessions. Hidden fields expose session data, while cookies have size and number limitations. Server-side sessions use a unique ID stored in a cookie to associate requests with server-side session objects that can store user and application data on the server. This allows session information to be maintained across multiple requests and pages.

Uploaded by

Sneha Katakam
Copyright
© Attribution Non-Commercial (BY-NC)

Web Programming and User Interface Design

Week 3
Learning Objectives
• Server side Validation with Login form
• Introduction to Sessions
• Java Server Pages and MVC architecture

INTRODUCTION TO Sessions
Objectives
• To review the problem that the HTTP connectionless environment poses for E-Commerce
• Solution 1: hidden fields
• Solution 2: cookies
• Solution 3: session control
Websphere Java Servlet Request Processing
[Diagram labels: Client Browser, HTTP, HTML, Internet, Internet Server, Tomcat App. Server, JVM, servlet/HelloWorld]

[Link]
demo/servlet/ equates to
…/demo/WEB-INF/classes/[Link]
HTTP is Connectionless
• The HTTP protocol is connectionless
• Knowledge of prior pages visited or, for example, products placed in a shopping cart is easily lost
• So how can server applications maintain a sense of a session with a client?
– hidden fields
– cookies
– session control
Hidden Fields in HTML
• Solution comes from the CGI period
• Server hides session information within the HTML returned to the client
• FORM field INPUT type can be set to "hidden":
<INPUT TYPE="hidden" NAME="itemsbought" VALUE="209087,342901">
• Field name and value will be returned to the server by the client when the client submits the form request to the server
Hidden Fields in HTML
• Problems with this method?
– User can see the hidden info (use source view)
– Causes a lot of additional HTTP traffic
– Session info is lost if HTML (that contains hidden fields) is lost
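Added example (not from the original slides): the client can edit a hidden field as easily as view it, so a server that keeps cart data in one can attach an HMAC and reject altered values when the form comes back. The class name, key handling and the `value.tag` layout are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SignedHiddenField {
    private final SecretKeySpec key;

    public SignedHiddenField(byte[] serverSecret) {
        key = new SecretKeySpec(serverSecret, "HmacSHA256");
    }

    private String tag(String name, String value) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        // Cover the field name too, so a tag issued for one field cannot be reused on another.
        mac.update((name.length() + ":" + name + value).getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(mac.doFinal());
    }

    /** Text to place in VALUE="..." when the server renders the form. */
    public String protect(String name, String value) throws GeneralSecurityException {
        return value + "." + tag(name, value);
    }

    /** Returns the original value, or null if the submitted field was altered. */
    public String verify(String name, String submitted) throws GeneralSecurityException {
        int dot = submitted == null ? -1 : submitted.lastIndexOf('.');
        if (dot < 0) return null;
        String value = submitted.substring(0, dot);
        byte[] expected = tag(name, value).getBytes(StandardCharsets.US_ASCII);
        byte[] actual = submitted.substring(dot + 1).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual) ? value : null; // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = new byte[32];
        new SecureRandom().nextBytes(secret); // constructed key; in practice one per deployment, kept on the server
        SignedHiddenField f = new SignedHiddenField(secret);
        String sent = f.protect("itemsbought", "209087,342901");
        System.out.println("<INPUT TYPE=\"hidden\" NAME=\"itemsbought\" VALUE=\"" + sent + "\">");
        System.out.println("unchanged: " + f.verify("itemsbought", sent));
        System.out.println("edited:    " + f.verify("itemsbought", sent.replace("342901", "1")));
    }
}
```

The tag gives integrity only: the value is still visible in the page source, and a previously issued value can be submitted again, which is one more reason to keep session data on the server.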
Servlets and Cookies
• Solution comes from the CGI period but has evolved with Java servlets
• Servlets send a small piece of data to the client that gets written to a secure disk area:
How does the servlet do this?
Cookie c = new Cookie(name, value);
response.addCookie(c);
• So the session data (products placed in the user's shopping cart) can be stored in the cookie
• Or simply an ID can be placed in the cookie and the server can maintain the session data
Servlets and Cookies
• Client browsers will check to see if there is a cookie associated with any request to a server (URL) or a particular server/path …
The server can establish the URL specifics:
Cookie c = new Cookie(name, value);
c.setDomain("[Link]");
c.setPath("/");
• Could be more specific if desired … the above is the default
Servlets and Cookies
• Whenever a new request is sent to the server it checks to see if a cookie is included:
Cookie[] cookies = request.getCookies();
if (cookies != null) { // getCookies() returns null when the request carries no cookies
    for (int i = 0; i < cookies.length; i++) {
        Cookie c = cookies[i];
        String name = c.getName();
        String value = c.getValue();
    }
}
Servlets and Cookies
• Problems with this method?
– Cookies have limited life (servlet, browser) and size (4k bytes)
– Maximum number of cookies set by browser
– User may disable cookie acceptance
– Can be inefficient in terms of data communications


Servlets and Sessions
• Solution is most commonly used with Java servlets and JSPs
• The Servlet JDK comes with an HTTP class that facilitates session management: HttpSession
• A session is a connection between a client and server that persists over multiple HTTP requests / responses
Servlets and Sessions
• A new session is established by using the getSession() method of HttpSession class:
HttpSession session = request.getSession(true);
• If parameter = "true" the servlet engine checks to see if a session already exists; if so, a handle is returned, otherwise a new session is created
• Therefore, more than one servlet can participate in a session
• Cookies are used to identify a session on the client
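Added example (not part of the original slides), assuming the javax.servlet API, Servlet 3.0 or later: a login servlet that validates input on the server, discards any pre-login session so the session ID changes at authentication, and sets the protective attributes on a cookie it issues. The servlet name, parameter names, demo account and `lang` cookie are constructed for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.*;

// Assumption: javax.servlet namespace; on Jakarta EE 9+ the package is jakarta.servlet.
public class LoginServlet extends HttpServlet {
    // Constructed demo account; a real application checks a salted password hash store.
    private static final String DEMO_USER = "alice";
    private static final byte[] DEMO_PASS = "correct horse".getBytes(StandardCharsets.UTF_8);

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String user = request.getParameter("username");
        String pass = request.getParameter("password");

        // Server-side validation: checks done in the browser can be bypassed.
        if (user == null || pass == null || user.length() > 64 || pass.length() > 128
                || !DEMO_USER.equals(user)
                || !MessageDigest.isEqual(DEMO_PASS, pass.getBytes(StandardCharsets.UTF_8))) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid login");
            return;
        }

        // getSession(true) returns whatever session the browser already presented,
        // so drop the pre-login session and start a fresh one with a new ID.
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        HttpSession session = request.getSession(true);
        session.setAttribute("user", user);
        session.setMaxInactiveInterval(15 * 60); // seconds of inactivity before expiry

        // A cookie the application sets itself: keep it away from scripts and plain HTTP.
        Cookie pref = new Cookie("lang", "en");
        pref.setHttpOnly(true);
        pref.setSecure(true);
        pref.setPath(request.getContextPath() + "/");
        pref.setMaxAge(24 * 60 * 60); // one day, in seconds
        response.addCookie(pref);

        response.sendRedirect(request.getContextPath() + "/home");
    }
}
```

The container's own session cookie takes the same HttpOnly and Secure settings through the `<session-config><cookie-config>` element of web.xml.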
Servlets and Sessions
Session objects contain various information:
HttpSession session = request.getSession();
out.println(rb.getString("[Link]") + " " + session.getId());
out.println("<br>");
// NOTE: rb is a resource bundle class – replace rb.getString() with ASCII text for your own purposes
out.println(rb.getString("[Link]") + " ");
out.println(new Date(session.getCreationTime()) + "<br>");
out.println(rb.getString("[Link]") + " ");
out.println(new Date(session.getLastAccessedTime()));
Servlets and Sessions
• Data stored as attribute-value pairs
• Three key HttpSession methods:
– setAttribute(dataName, dataValue)
– getAttributeNames(), getAttribute(dataName)
• Examples:
String dataName = request.getParameter("dataname");
String dataValue = request.getParameter("datavalue");
if (dataName != null && dataValue != null) {
    session.setAttribute(dataName, dataValue);
}

Enumeration names = session.getAttributeNames();
while (names.hasMoreElements()) {
    String name = (String) names.nextElement();
    String value = session.getAttribute(name).toString();
    // name and value come from request parameters: HTML-escape them before writing them into the page
    out.println(name + " = " + value + "<br>");
}
THE END
