HTTP is stateless Need to maintain identify clients sending requests javax.servlet.http.HttpSession is an interface that provides a way to identify a user across more than one page request or visit to a web site Useful in saving user detail, shopping carts Other mechanisms – URL rewrite, Cookies – dangerous, security issues. What is a session?
Access the session object Call request.getSession to get HttpSession object This is a hashtable associated with the user Look up information associated with a session. Call getAttribute on the HttpSessionobject Store information in a session. Use setAttribute with a key and a value. Discard session data. Call removeAttribute discards a specific value. Call invalidate to discard an entire session. getID() getAttributeNames() Returns an Enumeration of String objects containing the names of all the objects bound to this session. Session data
Write a servlet A that stores 5 integers in session Write a servlet B that echoes all the data in the session including the session id, and creation time Excerise
Some servers support distributed Web apps Load balancing used to send different requests to different machines. Sessions should still work even if different hosts are hit. On some servers, you must call setAttribute to trigger replication This is a tradeoff: session duplication can be expensive, but gives you better load balancing Distributed and PersistentSessions
Some servers support persistent sessions Session data written to disk and reloaded when server is restarted (as long as browser stays open) Tomcat 5 and 6 support this User Serializable objects to store in distributed and persistent sessions. Distributed and PersistentSessions