servlets-2

8/12/2019 servlets-2

1/28


2/28

Topics to be covered

Statelessness of HTTP protocol

Business logic needs stateful protocol

What is a Session?

What is Session ID?

What is Session Tracking?

Hidden form fields

URL Rewriting

Cookies

Session Tracking API


3/28

Topics to be covered

Creating session

Setting new Attribute in Session Deleting session data

Servlet Context scope

Context scope attributes Redirect to another webpage

Mechanism used by sendRedirct

Using RequestDispatcher

CookeisAnatomy of cookeis

Seting cookies with servlet

Reading cookies with Servlet


4/28

Statelessness of HTTP protocol Series of actions in http request-response protocol :

A client opens a connection

Requests some resource

Server receives the request

Generates the response

Sends back the response to the client

Closes the connection

Once the connection is closed, the server cannot rememberany information about the client.

So server considers the next request from the same client as afresh client, with no relation to the previous request.

So HTTP protocol is called stateless protocol.


5/28

Business logic needs stateful protocol

When there is a need to maintain the conversationalstate, session tracking is needed.

Ex: In a shopping cart application a client keeps on adding

items into his cart using multiple requests.

When every request is made, the server should identifyin which clients cart the item is to be added.

So in this scenario, there is a certain need for session

tracking. Solution is, when a client makes a request it should

introduce itself by providing unique identifier everytime.


6/28

What is a Session?

A session is a conversation between the server and a client.A conversation consists series of continuous request and

response.

A Session refers to sequence of all the requests that a single

client makes to a server for a particular period.

A session is specific to the user and for each user a new

session is created to track all the request from that user.

Every user has a separate session and separate sessionvariable is associated with that session.

In case of web applications the default time-out value for

session variable is 20 minutes, which can be changed as per

the requirement.


7/28

What is Session ID?

A session ID is an unique identification string usually along, random and alpha-numeric string.

It is transmitted between the client and the server.

Session IDs are usually stored in the cookies, URLs (in caseurl rewriting) and hidden fields of Web pages.


8/28

What is Session Tracking?

HTTP is stateless protocol and it does not maintainthe client state.

But there exist a mechanism called "Session Tracking"

which helps the servers to maintain the state to trackthe series of requests from the same user across someperiod of time.

Different types of Session Tracking?

a) Cookiesb) URL rewritingc) Hidden form fieldsd) SSL Sessions


9/28

Hidden form fields

Hidden fields like the above can be inserted in the

webpages and information can be sent to the server for

session tracking.

These fields are not visible directly to the user, but can be

viewed using view source option from the browsers.

This type doesnt need any special configuration from the

browser of server and by default available to use forsession tracking.

This cannot be used for session tracking when the

conversation included static resources lik html pages.


10/28

URL Rewriting

Original URL: http://server:port/servlet/ServletName

Rewritten URL:

http://server:port/servlet/ServletName?sessionid=7546

When a request is made, additional parameter is appended with theurl.

In general added additional parameter will be sessionid orsometimes the userid.

It will suffice to track the session. This type of session trackingdoesnt need any special support from the browser.

Disadvantage is, implementing this type of session tracking istedious.

We need to keep track of the parameter as a chain link until theconversation completes and also should make sure that, theparameter doesnt clash with other application parameters.


11/28

Cookies

Cookies are the mostly used technology for session tracking. Cookie is a key value pair of information, sent by the server to the browser.

This should be saved by the browser in its space in the client computer.

Whenever the browser sends a request to that server it sends the cookiealong with it.

Then the server can identify the client using the cookie.

In java, following is the source code snippet to create a cookie:

Cookie cookie = new Cookie(sessionID, 7546);response.addCookie(cookie);

Session tracking is easy to implement and maintain using the cookies. Disadvantage is that, the users can opt to disable cookies using their

browser preferences.

In such case, the browser will not save the cookie at client computer andsession tracking fails.


12/28

Session tracking API HttpServletRequest interface has a method to create

HttpSession object to track the session.

HttpSession ses = request.getSession(true); this method will check whether already a session is existing

for the user. If a session is existing, it will return that sessionobject, Otherwise will create a session object expicitly andreturns to the client.

HttpSession ses = request.getSession();

Alternate shortcut method for request.getSession(true) HttpSession ses = request.getSession(false);

this method will check whether a session is existing. If yes,then it returns the reference of that session object, Otherwiseit returns 'null'.


13/28

Creating the session


14/28

Setting a new attribute in session


15/28


16/28

ServletContext Scope

The context scope parameters are shared by all servletsin the same web application

The context scope parameters are stored in web.xml


17/28

Context scope attributes


18/28

Redirect into another webpage sendRedirect () method:

This method is declared in HttpServletResponseInterface.

Signature: void sendRedirect(String url) This method is used to redirect client request to some

other location for further processing,the new location isavailable on different server or different context.

Our web container handle this and transfer the requestusing browser ,and this request isvisible in browser as anew request.

Some time this is also called as client side redirect


19/28

Mechanism used by sendRedirct()


20/28

Using RequestDespacher Forward() method: ( declared in RequestDispatcherInterface ) Signature: forward(ServletRequest request, ServletResponse response) This method is used to pass the request to another resource for further

processingwithin the same server, another resource could be any servlet,jsp page any kind of file.

This process is taken care by web container. When we call forward method request is sent to another resourcewithout

the client being informed,which resource will handle the request it hasbeen mention on requestDispatcher.

We can get by two ways either using ServletContext or Request. This is also called server side redirect.

RequestDispatcher rd = request.getRequestDispatcher("pathToResource");rd.forward(request, response);Or

RequestDispatcher rd =servletContext.getRequestDispatcher("/pathToResource");rd.forward(request, response);


21/28

Forward() sendRedirect()

request is transfer to other resource

within the same server.

request is transfer to another resource to

different domain or different server

Web container handle all process

internally and client or browser is not

involved.

container transfers the request to

browser so url given inside the

sendRedirect()is visible as a new

request to the client.We pass request and response object so

our old request object is present on new

resource which is going to process our

request

old request and response object is lost

because its treated as new request by

the browser.

faster then send redirect. SendRedirect is slower becausecompletely new request is created and

old request object is lost.

We can use same data in new resource

with request.setAttribute () as we have

request object available.

We cannot store the request scope data

because the old request object is lost.


22/28

Example using forward() Using sendRedirect() :

On same server response.sendRedirect("http://localhost:8090/Chaining/Ch

ain2");

On another server String name=request.getParameter("name");

response.sendRedirect("http://www.google.co.in/#q="+name);

Using forward() request.getRequestDispatcher(/hello.jsp).forward(req,re

s)


23/28

Difference between the getRequestDispatcher()

method of ServletContext and that of ServletRequest

You can pass a relative path to the getRequestDispatcher() method ofServletRequest but not to the getRequestDispatcher() method ofServletContext.

For example, request.getRequestDispatcher("../html/copyright.html") is valid, and the

getRequestDispatcher() method of ServletRequest will evaluate the pathrelative to the path of the request.

For the getRequestDispatcher() method of ServletContext, the pathparameter cannot be relative and must start with /.

This makes sense because ServletRequest has a current request path toevaluate the relative path while ServletContext does not.

You cannot directly forward or include a request to a resource in another webapplication. To do this, you need to get a reference to the Servlet-Context of the other web

application using this.getServletContext().getContext(uripath). Using this servlet context reference, you can retrieve an appropriate

RequestDispatcher object as usual.


24/28

Cookies Cookies are text files stored on the client computer and

they are kept for various information tracking purpose.Java Servlets transparently supports HTTP cookies.

There are three steps involved in identifying returning

users: Server script sends a set of cookies to the browser. For

example name, age, or identification number etc.

Browser stores this information on local machine for futureuse.

When next time browser sends any request to web serverthen it sends those cookies information to the server andserver uses that information to identify the user.


25/28

The Anatomy of a Cookie Cookies are usually set in an HTTP header .

A servlet that sets a cookie might send headers thatlook something like this:


26/28

Setting Cookies with Servlet


27/28

Example :


28/28

Reading Cookies with Servlet To read cookies, you need to create an array of

javax.servlet.http.Cookieobjects by calling the getCookies( )method of HttpServletRequest. Then cycle through the array, and use getName() and getValue()

methods to access each cookie and associated value.

servlets-2

Documents

Transcript of servlets-2