
Session Tracking


lois

Presentation Transcript


  1. Session Tracking
     - Problem:
       - Identification and storage of personal data
       - Shopping cart
     - Solution:
       - Session with an ID
     - Diagram labels: login, REQ + ID, ID, RES
     - Example IDs shown: ETWEFDR234ewdw, JKLMGHNB45kdse43k, JEWTSDTRWE45rrtt

  2. Cookies

     ```java
     String sessionID = makeUniqueString();
     Cookie sessionCookie = new Cookie("jsession", sessionID);
     sessionCookie.setPath("/");
     response.addCookie(sessionCookie);
     ```

     - Server:
       - Generates a unique ID
     - Client:
       - Manages the cookies
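The slide leaves `makeUniqueString()` undefined. Because the ID is the only thing that ties a browser to its session, it has to be unpredictable, and the cookie carrying it should be restricted as far as possible. The following is an added example, not code from the presentation; the class name and the chosen attributes are assumptions.

```java
import java.security.SecureRandom;
import java.util.Base64;

// Added example: one possible makeUniqueString() plus the attributes
// a session cookie should carry. Not code from the slides.
public class SessionCookieExample {

    // SecureRandom is a CSPRNG; java.util.Random or a counter would be guessable.
    private static final SecureRandom RNG = new SecureRandom();

    /** Returns a URL-safe ID with 128 bits of entropy (22 characters). */
    static String makeUniqueString() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    /**
     * Builds the Set-Cookie header value by hand so every attribute is visible.
     * No Expires/Max-Age is set, so the cookie ends with the browser session.
     */
    static String sessionCookieHeader(String name, String sessionId) {
        return name + "=" + sessionId
                + "; Path=/"
                + "; HttpOnly"        // not readable from page scripts
                + "; Secure"          // sent over HTTPS only
                + "; SameSite=Lax";   // not sent on cross-site subrequests or POSTs
    }

    public static void main(String[] args) {
        String id = makeUniqueString();
        System.out.println("Set-Cookie: " + sessionCookieHeader("jsession", id));
    }
}
```

In a servlet the value can be sent with `response.addHeader("Set-Cookie", ...)`.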

  3. URL Rewriting
     - `http://host/path/index.html;jsession=1234`
     - This method also works with browsers without cookies.
     - Server:
       - Generates a unique ID
       - Specifies the expiration time
       - Links the session information to the request
     - Client:
       - The URL carries the additional information.

  4. Hidden Form Fields
     - `<INPUT TYPE="HIDDEN" NAME="JSESSIONID" VALUE="1234">`
     - Disadvantage: every page has to be generated dynamically.
     - Server:
       - Generates a unique ID
       - Specifies the expiration time
       - Links the session information to the request

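  5. HttpSession Object
     [Diagram: requests to http://..Session_Tomcat reach the web server and its servlet container. First request: no ID, so a new ID (kgwx) is issued and a session holding name:value pairs is created. Later request: the ID (kgwx) is taken from the cookie or the URL.]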

  6. Methods of HttpSession

     ```java
     public Object getValue(String name);                      // [2.1]
     public Object getAttribute(String name);                  // [2.2]
     public void putValue(String name, Object value);          // [2.1]
     public void setAttribute(String name, Object value);      // [2.2]
     public void removeValue(String name);                     // [2.1]
     public void removeAttribute(String name);                 // [2.2]
     ```

  7. Methods of HttpSession
     - `public String[] getValueNames()` [2.1]
     - `public Enumeration getAttributeNames()` [2.2]
       - Returns all attributes of a session.
     - `public String getId();`
       - Unique session ID
     - `public boolean isNew();`
       - true if the browser has never seen the session before.

  8. Methods of HttpSession
     - `public long getCreationTime()`
       - Time in milliseconds since January 1970
     - `public int getMaxInactiveInterval();`
     - `public void setMaxInactiveInterval(int seconds)`
       - Maximum time a session should survive while inactive.
       - seconds < 0: the session should always remain active
     - `public void invalidate();`
       - The session is deleted together with all associated objects.

  9. Automatic URL Rewriting
     - The servlet switches to URL rewriting automatically if cookies are not allowed.
     - For local links:

     ```java
     String originalURL = someRelativeorAbsoluteURL;
     String encodedURL = response.encodeURL(originalURL);
     out.println("<A HREF=\"" + encodedURL + "\"> ….</A>");
     ```

  10. Session

      ```java
      package session;

      import java.io.*;
      import java.text.*;
      import java.util.*;
      import javax.servlet.*;
      import javax.servlet.http.*;

      public class Session_Tomcat extends HttpServlet {

          public void doGet(HttpServletRequest request, HttpServletResponse response)
                  throws IOException, ServletException
          {
              response.setContentType("text/html");
              PrintWriter out = response.getWriter();
              out.println("<html><head>");
              String title = "Praxis der Internet Programmierung";
              out.println("<title>" + title + "</title></head><body bgcolor=\"white\">");
              out.println("<h3>" + title + "</h3>");
      ```

  11. Session

      ```java
              // Fetch the session for this request, creating one if none exists.
              HttpSession session = request.getSession();
              out.println("SessionId " + session.getId());
              out.println("<br>Erzeugungszeit: ");
              out.println(new Date(session.getCreationTime()) + "<br>");
              out.println("Letztmals benutzt: ");
              out.println(new Date(session.getLastAccessedTime()));

              // Store the submitted name/value pair in the session.
              String dataName = request.getParameter("dataname");
              String dataValue = request.getParameter("datavalue");
              if (dataName != null && dataValue != null) {
                  session.setAttribute(dataName, dataValue);
              }

              // List everything currently stored in the session.
              out.println("<P>Session Data <br>");
              Enumeration names = session.getAttributeNames();
              while (names.hasMoreElements()) {
                  String name = (String) names.nextElement();
                  String value = session.getAttribute(name).toString();
                  out.println(name + " = " + value + "<br>");
              }
      ```

  12. Session

      ```java
              // POST form; encodeURL() adds the session ID if cookies are unavailable.
              out.print("<P><form action=\"");
              out.print(response.encodeURL("Session_Tomcat"));
              out.print("\" ");
              out.println("method=POST>");
              out.println("Name: <input type=text size=20 name=dataname>");
              out.println("<br>Wert:");
              out.println("<input type=text size=20 name=datavalue>");
              out.println("<br><input type=submit>");
              out.println("</form>");

              // The same form again, submitted with GET.
              out.println("<P>GET based form:<br>");
              out.print("<form action=\"");
              out.print(response.encodeURL("Session_Tomcat"));
              out.print("\" ");
      ```

  13. Session

      ```java
              out.println("method=GET>");
              out.println("Name:<input type=text size=20 name=dataname>");
              out.println("<br>Wert:");
              out.println("<input type=text size=20 name=datavalue>");
              out.println("<br><input type=submit>");
              out.println("</form>");

              // Plain link that carries the data as query parameters.
              out.print("<p><a href=\"");
              out.print(response.encodeURL("Session_Tomcat?dataname=foo&datavalue=bar"));
              out.println("\" >URL encoded </a>");
              out.println("</body></html>");
          }

          public void doPost(HttpServletRequest request, HttpServletResponse response)
                  throws IOException, ServletException
          {
              doGet(request, response);
          }
      }
      ```

  14. Lab Exercise
      - Simple shopping cart:
        - Store last name, first name and password in the session
        - Add items
        - View the shopping cart
        - Remove items

  15. Shopping Cart System: Catalog

      ```java
      public abstract class CatalogPage extends HttpServlet {
        private Item[] items;
        private String[] itemIDs;
        private String title;

        /** cut some lines **/

        public void doGet(HttpServletRequest request,
                          HttpServletResponse response)
            throws ServletException, IOException {
          response.setContentType("text/html");
          // Without a catalog there is nothing to show.
          if (items == null) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND,
                               "Missing Items.");
            return;
          }
      ```

  16. Shopping Cart System: Catalog

      ```java
          PrintWriter out = response.getWriter();
          out.println(ServletUtilities.headWithTitle(title) +
                      "<BODY BGCOLOR=\"#FDF5E6\">\n" +
                      "<H1 ALIGN=\"CENTER\">" + title + "</H1>");
          Item item;
          for (int i = 0; i < items.length; i++) {
            out.println("<HR>");
            item = items[i];
            // Flag catalog entries whose ID could not be resolved.
            if (item == null) {
              out.println("<FONT COLOR=\"RED\">" +
                          "Unknown item ID " + itemIDs[i] +
                          "</FONT>");
            } else {
      ```

  17. Shopping Cart System: Catalog

      ```java
              out.println();
              // encodeURL() keeps the session attached when cookies are unavailable.
              String formURL = "/servlet/onlinestore.OrderPage";
              formURL = response.encodeURL(formURL);
              out.println
                ("<FORM ACTION=\"" + formURL + "\">\n" +
                 "<INPUT TYPE=\"HIDDEN\" NAME=\"itemID\" " +
                 " VALUE=\"" + item.getItemID() + "\">\n" +
                 "<H2>" + item.getShortDescription() +
                 " ($" + item.getCost() + ")</H2>\n" +
                 item.getLongDescription() + "\n" +
                 "<P>\n<CENTER>\n" +
                 "<INPUT TYPE=\"SUBMIT\" " +
                 "VALUE=\"Add to Shopping Cart\">\n" +
                 "</CENTER>\n<P>\n</FORM>");
              ….
      ```

  18. Shopping Cart System: Orders

      ```java
          HttpSession session = request.getSession(true);
          ShoppingCart cart;
          synchronized(session) {
            cart = (ShoppingCart)session.getValue("shoppingCart");
            // New visitors get a fresh shopping cart.
            // Previous visitors keep using their existing cart.
            if (cart == null) {
              cart = new ShoppingCart();
              session.putValue("shoppingCart", cart);
            }
      ```

  19. Shopping Cart System: Orders

      ```java
            String itemID = request.getParameter("itemID");
            if (itemID != null) {
              String numItemsString =
                request.getParameter("numItems");
              if (numItemsString == null) {
                // If request specified an ID but no number, then customers
                // came here via an "Add Item to Cart" button on a catalog page.
                cart.addItem(itemID);
              } else {
      ```

  20. Shopping Cart System: Orders

      ```java
                // If request specified an ID and number, then
                // customers came here via an "Update Order" button
                // after changing the number of items in order.
                // Note that specifying a number of 0 results
                // in item being deleted from cart.
                int numItems;
                try {
                  numItems = Integer.parseInt(numItemsString);
                } catch(NumberFormatException nfe) {
                  numItems = 1;
                }
                cart.setNumOrdered(itemID, numItems);
              }
            }
          }
      ```

  21. Shopping Cart System: Orders

      ```java
          // Whether or not the customer changed the order, show order status.
          response.setContentType("text/html");
          PrintWriter out = response.getWriter();
          String title = "Status of Your Order";
          out.println(ServletUtilities.headWithTitle(title) +
                      "<BODY BGCOLOR=\"#FDF5E6\">\n" +
                      "<H1 ALIGN=\"CENTER\">" + title + "</H1>");
          synchronized(session) {
            Vector itemsOrdered = cart.getItemsOrdered();
            if (itemsOrdered.size() == 0) {
              out.println("<H2><I>No items in your cart...</I></H2>");
      ```

  22. Shopping Cart System: Orders

      ```java
              // One table row per ordered item. The variables order, formatter
              // and formURL are declared on slide 23.
              for (int i = 0; i < itemsOrdered.size(); i++) {
                order = (ItemOrder)itemsOrdered.elementAt(i);
                out.println
                  ("<TR>\n" +
                   " <TD>" + order.getItemID() + "\n" +
                   " <TD>" + order.getShortDescription() + "\n" +
                   " <TD>" +
                   formatter.format(order.getUnitCost()) + "\n" +
                   " <TD>" +
                   "<FORM ACTION=\"" + formURL + "\">\n" +
                   "<INPUT TYPE=\"HIDDEN\" NAME=\"itemID\"\n" +
                   " VALUE=\"" + order.getItemID() + "\">\n" +
                   "<INPUT TYPE=\"TEXT\" NAME=\"numItems\"\n" +
                   " SIZE=3 VALUE=\"" +
                   order.getNumItems() + "\">\n" +
      ```

  23. Shopping Cart System: Orders

      ```java
            } else {
              // If there is at least one item in cart, show table
              // of items ordered.
              out.println
                ("<TABLE BORDER=1 ALIGN=\"CENTER\">\n" +
                 "<TR BGCOLOR=\"#FFAD00\">\n" +
                 " <TH>Item ID<TH>Description\n" +
                 " <TH>Unit Cost<TH>Number<TH>Total Cost");
              ItemOrder order;
              NumberFormat formatter = NumberFormat.getCurrencyInstance();
              String formURL = "/servlet/onlinestore.OrderPage";
              formURL = response.encodeURL(formURL);
      ```

  24. Shopping Cart System: Orders

      ```java
                   "<SMALL>\n" +
                   "<INPUT TYPE=\"SUBMIT\"\n "+
                   " VALUE=\"Update Order\">\n" +
                   "</SMALL>\n" +
                   "</FORM>\n" +
                   " <TD>" +
                   formatter.format(order.getTotalCost()));
              }
              String checkoutURL =
                response.encodeURL("/servlet/onlinestore.Checkout");
      ```

  25. Shopping Cart System: Orders

      ```java
              // "Proceed to Checkout" button below table
              out.println
                ("</TABLE>\n" +
                 "<FORM ACTION=\"" + checkoutURL + "\">\n" +
                 "<BIG><CENTER>\n" +
                 "<INPUT TYPE=\"SUBMIT\"\n" +
                 " VALUE=\"Proceed to Checkout\">\n" +
                 "</CENTER></BIG></FORM>");
            }
            out.println("</BODY></HTML>");
          } /** synchronized **/
        }
      ```
