
Comp2513 Java Servlets and Sessions

Comp2513 Java Servlets and Sessions. Daniel L. Silver, Ph.D. Objectives: to review the problem that the HTTP connectionless environment poses for E-Commerce. Solution 1: hidden fields. Solution 2: cookies. Solution 3: session control.


Presentation Transcript


  1. Comp2513 Java Servlets and Sessions. Daniel L. Silver, Ph.D.

  2. Objectives
     • To review the problem that the HTTP connectionless environment poses for E-Commerce
     • Solution 1: hidden fields
     • Solution 2: cookies
     • Solution 3: session control
     • Reference: DDEA Ch.7, Sharma p.110-122 and EJP (Ch.4) p.48-63

  3. Websphere Java Servlet Request Processing
     [Diagram labels: Client, Browser, Internet, HTTP Server, Tomcat App. Server, JVM, servlet/HelloWorld, HelloWorld.class, HTML]
     • Request URL: http://eagle.acadiau.ca/demo/servlet/HelloWorld
     • demo/servlet/ equates to …/demo/WEB-INF/classes/HelloWorld.class

  4. HTTP is Connectionless
     • The HTTP protocol is connectionless
     • Knowledge of prior pages visited or, for example, products placed in a shopping cart is easily lost
     • So how can server applications maintain a sense of a session with a client?
       • hidden fields
       • cookies
       • session control

  5. Hidden Fields in HTML
     • Solution comes from CGI period
     • Server hides session information within HTML returned to the client
     • FORM field INPUT type can be set to "hidden":
         <INPUT TYPE="hidden" NAME="itemsbought" VALUE="209087,342901">
     • Field name and value will be returned to the server by the client when the client submits the form request to the server

  6. Hidden Fields in HTML
     • Example: http://eagle.acadiau.ca:8080/danstech/HiddenFields.html
     • Problems with this method?
       • User can see the hidden info (use source view)
       • Causes a lot of additional HTTP traffic
       • Session info is lost if HTML (that contains hidden fields) is lost
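
Hidden fields are returned by the client, so a user who can read them in the source view can also change them before submitting. The following is an added example, not part of the original slides: one way for the server to detect a modified itemsbought value by sending an HMAC tag in a second hidden field. The class name, the itemsbought_mac field name and the key handling are assumptions for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class SignedHiddenField {
    private final SecretKeySpec key;

    public SignedHiddenField(byte[] secret) {
        this.key = new SecretKeySpec(secret, "HmacSHA256");
    }

    // Tag the server writes into a second hidden field next to the value.
    public String sign(String fieldName, String value) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        // Bind the tag to the field name so it cannot be reused for another field.
        mac.update(fieldName.getBytes(StandardCharsets.UTF_8));
        mac.update((byte) 0);
        mac.update(value.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(mac.doFinal());
    }

    // Recompute the tag for the submitted value and compare in constant time.
    public boolean verify(String fieldName, String value, String tag) throws Exception {
        if (value == null || tag == null) return false;
        byte[] expected = sign(fieldName, value).getBytes(StandardCharsets.US_ASCII);
        byte[] actual = tag.getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = new byte[32];
        new SecureRandom().nextBytes(secret);   // demo key (assumption); a server would load a persistent secret
        SignedHiddenField f = new SignedHiddenField(secret);

        String value = "209087,342901";         // value of the slide's itemsbought field
        String tag = f.sign("itemsbought", value);
        System.out.println("<INPUT TYPE=\"hidden\" NAME=\"itemsbought\" VALUE=\"" + value + "\">");
        System.out.println("<INPUT TYPE=\"hidden\" NAME=\"itemsbought_mac\" VALUE=\"" + tag + "\">");

        System.out.println("unchanged form accepted: " + f.verify("itemsbought", value, tag));
        System.out.println("edited form accepted:    " + f.verify("itemsbought", "209087", tag));
    }
}
```

The tag protects integrity only: the value is still visible in the page source, and a tag that does not also cover a session ID or an expiry time can be replayed together with its original value.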

  7. Servlets and Cookies
     • Solution comes from CGI period but has evolved with Java servlets
     • Servlets send a small piece of data to the client that gets written to a secure disk area. How does the servlet do this?
         Cookie c = new Cookie(name, value);
         …
         response.addCookie(c);
     • So the session data (products placed in the user's shopping cart) can be stored in a cookie
     • Or simply an ID can be placed in the cookie and the server can maintain the session data

  8. Servlets and Cookies
     • Client browsers will check to see if there is a cookie associated with any request to a server (URL) or a particular server/path …
     • The server can establish the URL specifics:
         Cookie c = new Cookie(name, value);
         c.setDomain("eagle.acadiau.ca");
         c.setPath("/");
     • Could be more specific if desired … the above is the default

  9. Servlets and Cookies
     • Whenever a new request is sent to the server it checks to see if a cookie is included:
         Cookie[] cookies = request.getCookies();   // null when the request carries no cookies
         if (cookies != null) {
             for (int i = 0; i < cookies.length; i++) {
                 Cookie c = cookies[i];
                 String name = c.getName();
                 String value = c.getValue();
                 …
             }
         }

  10. Servlets and Cookies
      A cookie is established by the server in the HTTP response header:
          Content-type: text/html
          Set-Cookie: name=value; expires=Sat, 26-Aug-95 15:45:30 GMT; path=/; domain=eagle.acadiau.ca
      expires= determines the life of the cookie
      expires= a negative value (default), then cookie expires when the browser exits, so it is never written to disk
      expires=0 tells the browser to delete the cookie immediately
      To set a cookie's life in seconds use the Cookie method: setMaxAge(int expiry)

  11. Servlets and Cookies
      • Example 1 – A Session cookie: http://eagle.acadiau.ca:8080/examples/servlets/index.html
        • Full source code http://eagle.acadiau.ca/demo/CookieExample.java
      • Example 2 – A Persistent Cookie http://eagle.acadiau.ca/demo/PersistentCookieExample.html
        • Full source code http://eagle.acadiau.ca/demo/PersistentCookieExample.java
      • Problems with this method?
        • Cookies have limited life (servlet, browser) and size (4k bytes)
        • Maximum number of cookies set by browser
        • User may disable cookie acceptance
        • Can be inefficient in terms of data communications

  12. Servlets and Cookies
      • For more information on cookies see
        • Netscape's Cookie Specification at http://home.netscape.com/newsref/std/cookie_spec.html
        • Or RFC 2109 at http://www.ietf.org/rfc/rfc2109.txt
        • Or http://www.cookiecentral.com.

  13. Servlets and Sessions
      • Solution is most commonly used with Java servlets and JSPs
      • The Servlet JDK comes with an HTTP class that facilitates session management: HttpSession
      • A session is a connection between a client and server that persists over multiple HTTP request / responses

  14. Servlets and Sessions
      • A new session is established by using the getSession() method of HttpSession class:
          HttpSession session = req.getSession(true);
      • If parameter = “true” the servlet engine checks to see if a session already exists; if so a handle is returned, otherwise a new session is created
      • Therefore, more than one servlet can participate in a session
      • Cookies are used to identify a session on the client

  15. Servlets and Sessions
      Session objects contain various information:
          HttpSession session = request.getSession();
          out.println(rb.getString("sessions.id") + " " + session.getId());
          out.println("<br>");
          out.println(rb.getString("sessions.created") + " ");
          out.println(new Date(session.getCreationTime()) + "<br>");
          out.println(rb.getString("sessions.lastaccessed") + " ");
          out.println(new Date(session.getLastAccessedTime()));
      [NOTE: rb is a resource bundle class – replace rb.getString() with ASCII text for your own purposes]

  16. Servlets and Sessions
      • Data stored as attribute-value pairs
      • Three key HttpSession methods:
        • setAttribute(dataName, dataValue)
        • getAttributeNames(), getAttribute(dataName)
      • Examples:
          String dataName = request.getParameter("dataname");
          String dataValue = request.getParameter("datavalue");
          if (dataName != null && dataValue != null) {
              session.setAttribute(dataName, dataValue);
          }
          Enumeration names = session.getAttributeNames();
          while (names.hasMoreElements()) {
              String name = (String) names.nextElement();
              String value = session.getAttribute(name).toString();
              out.println(name + " = " + value + "<br>");
          }
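
The slide 16 snippet stores client-supplied names and values in the session and writes them back into the page unescaped. A hardened variant follows as an added example that is not part of the original slides; the class name, the cart. prefix, the name pattern and the length limit are assumptions, and it compiles against the javax.servlet API (Servlet 3.0 or later).

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Enumeration;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class SafeSessionServlet extends HttpServlet {
    // Assumed policy (not from the slides): namespaced, well-formed names and bounded values.
    private static final String PREFIX = "cart.";
    private static final Pattern NAME_OK = Pattern.compile("[A-Za-z0-9_]{1,32}");
    private static final int MAX_VALUE_LEN = 256;

    // Escape the characters that are significant in HTML text and attribute values.
    static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        HttpSession session = request.getSession(true);
        String dataName = request.getParameter("dataname");
        String dataValue = request.getParameter("datavalue");
        // The prefix keeps client-chosen names from overwriting attributes
        // that the application itself stores in the same session.
        if (dataName != null && dataValue != null
                && NAME_OK.matcher(dataName).matches()
                && dataValue.length() <= MAX_VALUE_LEN) {
            session.setAttribute(PREFIX + dataName, dataValue);
        }
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        Enumeration<String> names = session.getAttributeNames();
        while (names.hasMoreElements()) {
            String name = names.nextElement();
            if (!name.startsWith(PREFIX)) continue;   // list only the cart entries
            String value = String.valueOf(session.getAttribute(name));
            out.println(escapeHtml(name) + " = " + escapeHtml(value) + "<br>");
        }
    }
}
```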

  17. Servlets and Sessions
      • Example: http://eagle.acadiau.ca:8080/examples/servlets/index.html
        • Full source code http://eagle.acadiau.ca/demo/SessionExample.java
      • Problems with this method?
        • Normally, HttpSession terminates when browser is closed
        • You may wish to have a business session (shopping tour) extend beyond browser closures

  18. THE END. danny.silver@acadiau.ca
