© 2005 Marty Hall




          Session Tracking


      JSP, Servlet, Struts, JSF, AJAX, & Java 5 Training: http://course...
Agenda
    •   Implementing session tracking from scratch
    •   Using basic session tracking
    •   Understanding the s...
Rolling Your Own Session
    Tracking: Cookies
    • Idea: associate cookie with data on server
      String sessionID = m...
Rolling Your Own Session
     Tracking: Hidden Form Fields
     • Idea:
       <INPUT TYPE="HIDDEN" NAME="session" VALUE="...
Session Tracking Basics
     • Access the session object
       – Call request.getSession to get HttpSession object
      ...
What Changes if Server Uses
     URL Rewriting?
     • Session tracking code:
       – No change
     • Code that generate...
HttpSession Methods
      (Continued)
     • isNew
        – Determines if session is new to client (not to page)
     • g...
A Servlet that Shows Per-Client
     Access Counts (Continued)
      PrintWriter out = response.getWriter();
      …
     ...
A Servlet that Shows Per-Client
      Access Counts: Result 2




19                                     J2EE training: ht...
Accumulating a List
     of User Data (Continued)
         String newItem = request.getParameter("newItem");
         Prin...
Accumulating a List
     of User Data: Result




23                                         J2EE training: http://courses...
An On-Line Bookstore




25                    J2EE training: http://courses.coreservlets.com




     An On-Line Bookstor...
Distributed and Persistent
     Sessions
     • Some servers support distributed Web
       applications
       – Load bal...
© 2005 Marty Hall




                       Questions?


     JSP, Servlet, Struts, JSF, AJAX, & Java 5 Training: http://...
Upcoming SlideShare
Loading in...5
×

Session Tracking

1,496

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,496
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
29
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Session Tracking"

  1. 1. © 2005 Marty Hall Session Tracking JSP, Servlet, Struts, JSF, AJAX, & Java 5 Training: http://courses.coreservlets.com 3 J2EE Books from Sun Press: http://www.coreservlets.com © 2005 Marty Hall For live J2EE training, see training courses on JSP, servlets, Struts, JSF, AJAX, and Java 5 at http://courses.coreservlets.com/. Taught by the author of Core Servlets and JSP, More Servlets and JSP, and this tutorial. Available at public venues, or customized versions can be JSP, Servlet, Struts, JSF, AJAX, & at your organization. held on-site Java 5 Training: http://courses.coreservlets.com 4 Additional topics available upon request. J2EE Books from Sun Press: http://www.coreservlets.com
  2. 2. Agenda • Implementing session tracking from scratch • Using basic session tracking • Understanding the session-tracking API • Differentiating between server and browser sessions • Encoding URLs • Storing immutable objects vs. storing mutable objects • Tracking user access counts • Accumulating user purchases • Implementing a shopping cart 5 • Building an online store J2EE training: http://courses.coreservlets.com Session Tracking and E-Commerce • Why session tracking? – When clients at on-line store add item to their shopping cart, how does server know what’s already in cart? – When clients decide to proceed to checkout, how can server determine which previously created cart is theirs? Dilbert used with permission of United Syndicates Inc. 6 J2EE training: http://courses.coreservlets.com
  3. 3. Rolling Your Own Session Tracking: Cookies • Idea: associate cookie with data on server String sessionID = makeUniqueString(); HashMap sessionInfo = new HashMap(); HashMap globalTable = findTableStoringSessions(); globalTable.put(sessionID, sessionInfo); Cookie sessionCookie = new Cookie("JSESSIONID", sessionID); sessionCookie.setPath("/"); response.addCookie(sessionCookie); • Still to be done: – Extracting cookie that stores session identifier – Setting appropriate expiration time for cookie – Associating the hash tables with each request 7 – Generating the unique session identifiers http://courses.coreservlets.com J2EE training: Rolling Your Own Session Tracking: URL-Rewriting • Idea – Client appends some extra data on the end of each URL that identifies the session – Server associates that identifier with data it has stored about that session – E.g., http://host/path/file.html;jsessionid=1234 • Advantage – Works even if cookies are disabled or unsupported • Disadvantages – Must encode all URLs that refer to your own site – All pages must be dynamically generated – Fails for bookmarks and links from other sites 8 J2EE training: http://courses.coreservlets.com
  4. 4. Rolling Your Own Session Tracking: Hidden Form Fields • Idea: <INPUT TYPE="HIDDEN" NAME="session" VALUE="..."> • Advantage – Works even if cookies are disabled or unsupported • Disadvantages – Lots of tedious processing – All pages must be the result of form submissions 9 J2EE training: http://courses.coreservlets.com Session Tracking in Java • Session objects live on the server • Sessions automatically associated with client via cookies or URL-rewriting – Use request.getSession to get session • Behind the scenes, the system looks at cookie or URL extra info and sees if it matches the key to some previously stored session object. If so, it returns that object. If not, it creates a new one, assigns a cookie or URL info as its key, and returns that new session object. • Hashtable-like mechanism lets you store arbitrary objects inside session – setAttribute stores values – getAttribute retrieves values 10 J2EE training: http://courses.coreservlets.com
  5. 5. Session Tracking Basics • Access the session object – Call request.getSession to get HttpSession object • This is a hashtable associated with the user • Look up information associated with a session. – Call getAttribute on the HttpSession object, cast the return value to the appropriate type, and check whether the result is null. • Store information in a session. – Use setAttribute with a key and a value. • Discard session data. – Call removeAttribute discards a specific value. 11 – Call invalidate to discard an entire session. J2EE training: http://courses.coreservlets.com Session Tracking Basics: Sample Code HttpSession session = request.getSession(); SomeClass value = (SomeClass)session.getAttribute("someID"); if (value == null) { value = new SomeClass(...); session.setAttribute("someID", value); } doSomethingWith(value); – Do not need to call setAttribute again (after modifying value) if the modified value is the same object. But, if value is immutable, modified value will be a new object reference, and you must call setAttribute again. 12 J2EE training: http://courses.coreservlets.com
  6. 6. What Changes if Server Uses URL Rewriting? • Session tracking code: – No change • Code that generates hypertext links back to same site: – Pass URL through response.encodeURL. • If server is using cookies, this returns URL unchanged • If server is using URL rewriting, this appends the session info to the URL • E.g.: String url = "order-page.html"; url = response.encodeURL(url); • Code that does sendRedirect to own site: – Pass URL through response.encodeRedirectURL 13 J2EE training: http://courses.coreservlets.com HttpSession Methods • getAttribute – Extracts a previously stored value from a session object. Returns null if no value is associated with given name. • setAttribute – Associates a value with a name. Monitor changes: values implement HttpSessionBindingListener. • removeAttribute – Removes values associated with name. • getAttributeNames – Returns names of all attributes in the session. • getId – Returns the unique identifier. 14 J2EE training: http://courses.coreservlets.com
  7. 7. HttpSession Methods (Continued) • isNew – Determines if session is new to client (not to page) • getCreationTime – Returns time at which session was first created • getLastAccessedTime – Returns time at which session was last sent from client • getMaxInactiveInterval, setMaxInactiveInterval – Gets or sets the amount of time session should go without access before being invalidated • invalidate – Invalidates current session 15 J2EE training: http://courses.coreservlets.com A Servlet that Shows Per-Client Access Counts public class ShowSession extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); HttpSession session = request.getSession(); String heading; Integer accessCount = (Integer)session.getAttribute("accessCount"); if (accessCount == null) { accessCount = new Integer(0); heading = "Welcome, Newcomer"; } else { heading = "Welcome Back"; accessCount = new Integer(accessCount.intValue() + 1); } session.setAttribute("accessCount", accessCount); 16 J2EE training: http://courses.coreservlets.com
  8. 8. A Servlet that Shows Per-Client Access Counts (Continued) PrintWriter out = response.getWriter(); … out.println (docType + "<HTML>n" + "<HEAD><TITLE>" + title + "</TITLE></HEAD>n" + "<BODY BGCOLOR="#FDF5E6">n" + "<CENTER>n" + "<H1>" + heading + "</H1>n" + "<H2>Information on Your Session:</H2>n" + "<TABLE BORDER=1>n" + "<TR BGCOLOR="#FFAD00">n" + " <TH>Info Type<TH>Valuen" + … " <TD>Number of Previous Accessesn" + " <TD>" + accessCount + "n" + "</TABLE>n" + "</CENTER></BODY></HTML>"); 17 J2EE training: http://courses.coreservlets.com A Servlet that Shows Per-Client Access Counts: Result 1 18 J2EE training: http://courses.coreservlets.com
  9. 9. A Servlet that Shows Per-Client Access Counts: Result 2 19 J2EE training: http://courses.coreservlets.com Accumulating a List of User Data public class ShowItems extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { HttpSession session = request.getSession(); ArrayList previousItems = (ArrayList)session.getAttribute("previousItems"); if (previousItems == null) { previousItems = new ArrayList(); session.setAttribute("previousItems", previousItems); } 20 J2EE training: http://courses.coreservlets.com
  10. 10. Accumulating a List of User Data (Continued) String newItem = request.getParameter("newItem"); PrintWriter out = response.getWriter(); … synchronized(previousItems) { if ((newItem != null) && (!newItem.trim().equals(""))) { previousItems.add(newItem); } if (previousItems.size() == 0) { out.println("<I>No items</I>"); } else { out.println("<UL>"); for(int i=0; i<previousItems.size(); i++) { out.println("<LI>" + (String)previousItems.get(i)); } out.println("</UL>"); } } out.println("</BODY></HTML>"); 21 } J2EE training: http://courses.coreservlets.com Accumulating a List of User Data: Front End 22 J2EE training: http://courses.coreservlets.com
  11. 11. Accumulating a List of User Data: Result 23 J2EE training: http://courses.coreservlets.com An On-Line Bookstore • Session tracking code stays the same as in simple examples • Shopping cart class is relatively complex – Identifies items by a unique catalog ID – Does not repeat items in the cart • Instead, each entry has a count associated with it • If count reaches zero, item is deleted from cart • Pages built automatically from objects that have descriptions of books 24 J2EE training: http://courses.coreservlets.com
  12. 12. An On-Line Bookstore 25 J2EE training: http://courses.coreservlets.com An On-Line Bookstore 26 J2EE training: http://courses.coreservlets.com
  13. 13. Distributed and Persistent Sessions • Some servers support distributed Web applications – Load balancing used to send different requests to different machines – Session tracking still guaranteed to work • Some servers suport persistent sessions – Session data written to disk and reloaded when server is restarted • To support both, session data should implement the java.io.Serializable interface – There are no methods in this interface; it is just a flag. 27 J2EE training: http://courses.coreservlets.com Summary • Sessions do not travel across network – Only unique identifier does • Get the session – request.getSession • Extract data from session – session.getAttribute • Do typecast and check for null • Put data in session – session.setAttribute 28 J2EE training: http://courses.coreservlets.com
  14. 14. © 2005 Marty Hall Questions? JSP, Servlet, Struts, JSF, AJAX, & Java 5 Training: http://courses.coreservlets.com 29 J2EE Books from Sun Press: http://www.coreservlets.com

×