Slide 1 - hrm-kt

advertisement

Session Management

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Review

Page-centric designs in JSP are called Model 1 architecture

Model 1 architecture is used for simple applications and generates dynamic content

Model 2 architecture is suitable for large and complex applications as it uses a combination of servlets and JSP

Model 2 applications are based on Model-View-Controller (MVC) pattern

MVC pattern contains a Model, View, and Controller

RequestDispatcher interface forwards the request from a JSP page or a servlet to other resources, such as HTML file, servlet, or a JSP page

The two methods in RequesDispatcher interface are include() and forward()

Errors in JSP page include Translation time and Request time errors

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Objectives

Define session

Explain and implement session tracking mechanism

Describe session lifecycle

Extend Java Server Pages

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Introducing Session

A long-term connection using the session layer of a network protocol

The Web server identifies requests and responses across a network connection as a single working session

Session acts as a link between the Web server and the client events

Web server uses the session to post client events to the server objects

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Introducing Session Contd…

JSP uses the sessions to store unique data of a particular client connected to a Web application

Sessions for two Web browsers (Clients)

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Methods in Session

Methods getAttribute() getAttributeNames() getCreationTime()

Description

Returns the object with specified name defined in the session. The getAttribute() method returns null if object is not found

Returns list of objects defined in the session

Returns the creation time of the session in milliseconds since midnight January 1, 1970 GMT getId() Returns the unique identifier which is the session

Id, as a string getLastAccessedTime() Returns the time of last client request with the session. The time is returned as number of milliseconds since midnight January 1, 1970 GMT

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Methods in Session Contd…

Methods Description getMaxInactive

Interval()

Returns the maximum time interval of the session. The servlet container keeps the session open till the user accesses the Web site removeAttribut e()

Removes the object associated with the specified string from the session setAttribute() Associates an object with the specified key string and stores it to the session setMaxInactive

Interval()

Specifies the time interval in seconds between the client requests before the servlet container will invalidate this session

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Overview of Session Tracking

Mechanisms

Maintains a session till the user is browsing the Web site

Used in interactive Web applications to store the information of the user logged in to the Web site

The information stored is used to identify the user sending a request to the Web server

Session tracking helps to maintain the session information and keeps track of the multiple requests made by the client

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Implementing Session

Tracking – Mechanisms

Server-side technologies maintain the information on the Web server

The server creates a session Id for the user logged in to the Web site and sends the session Id to the user computer

The session tracking feature contained in the servlets or JSP container maintains the state of a

Web browser

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Session Tracking Contd…

Information is sent to the browser in three ways, which include:

 Cookies

URL Rewriting

Hidden form field method

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Cookies

Cookies are text files stored on the user’s computer containing the session Id of the user sent by the

Web server

The cookie is sent back to the Web server with every subsequent request made by the user in the same session

The cookie includes a name, a single value and optional attributes

Cookies are used for maintaining sessions and do not have an expiration time

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Cookies – Contd…

Cookies help to maintain a single session for a user browsing the Web site

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Cookies – Contd…

Advantages of Cookies are:

 Remember user IDs and password.

 To track visitors on a Web site for better service and new features.

 Cookies enable efficient ad processing.

Disadvantages of Cookies are:

 The size and number of cookies stored are limited.

 Personal information is exposed to the other users.

 Cookies fails to work if the security level is set too high in the Internet browser.

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

URL Rewriting

JSP hides the details of a cookie-based session tracking and supports the URL rewriting mechanism

URL Rewriting works with Web browsers that do not support cookies or the cookies that are disabled on a Web browser

Each URL that references the Web browser is returned to the user and contains additional information

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

URL Rewriting – Contd…

The session ID is encoded in the URLs that are created by the JSP pages

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

URL Rewriting – Contd…

<b>Search results for books</b>

<form method="post" action="serverprogram.jsp">

<input type="checkbox" name="productID" value="100">CD MP3 Converter Kit For Your

CAR<br>

<input type="checkbox" name="productID" value="101">Front Loading Car MP3/CD Player With

Anti Shock Memory and FM<br>

<input type="checkbox" name="productID" value="102">CAR/Home DVD/VCD/MP3 Playerwith anti shock for Indian Roads<br>

<input type="submit" name="Submit" value="Add to

Cart"><br>

</form>

© FPT SOFTWARE – TRAINING MATERIAL – Internal use

URL of server side program

Provides check box for different products

Submits the user input to URL

04e-BM/NS/HDCV/FSOFT v2/3

URL Rewriting Contd…

<b>Search results for books</b>

<form method="post" action="serverprogram.jsp?productID=102">

<input type="checkbox" name="productID" value="150">DVD Player with built in Amplifier

<br>

<input type="checkbox" name="productID" value="160">Ultra Slim DVD Player Multi

Region 5.1 Digital<br>

<input type="submit" name="Submit" value =

"Add to Cart">

<br>

</form>

© FPT SOFTWARE – TRAINING MATERIAL – Internal use

URL for server side program after the user selects a product and goes to another page

Provides check box for different products

Submits input to the URL

04e-BM/NS/HDCV/FSOFT v2/3

URL Rewriting – Contd…

Disadvantages of Cookies are:

 Server side processing is tedious.

 Every URL that is returned to the user should have additional information appended to it.

 If the user leaves the session and opens the

Web page using a link or bookmark then the session information is lost .

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Hidden Form Fields Method

Information from the Web browser is returned to the Web server in the form of HTTP parameters

Utilizes the hidden fields in an HTML page

Hidden fields in the form are used to send the information to the Web browser

Stores information about a session

Helps to carry the information from one HTML page to another

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Hidden Form Fields – Contd…

When the user visits the next page, the server side program reads all the parameters that a user passes in the previous form

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Hidden Form Fields Example

Hidden input field

Provides check box for user input

Submits user input to the server side program

<b>Search results for books</b>

<form method="post" action="serverprogram.jsp">

<input type="hidden" name="productID" value="100">

<input type="checkbox" name="productID" value="150">DVD

Player with Built in Amplifier <br>

<input type="checkbox" name="productID" value="160">Ultra

Slim DVD Player Multi Region 5.1 Digital<br>

<input type="submit" name="Submit" value="Add to

Cart"><br>

</form>

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Hidden Form Fields – Contd…

The advantages of hidden form fields are:

 Simplest way to implement session tracking

 Displays nothing on the HTML page but can be used to hold any kind of data

 Helps to maintain a connection between two pages

The disadvantage of hidden form fields is that this method of session tracking displays sensitive information to the user.

The information includes the data passed around to maintain a session.

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Session Life Cycle

The server assigns a unique ID to the session created for a particular user request.

This session ID is passed to the client as a cookie or a hidden variable.

The session is considered new until the client returns the session ID to the server through a cookie or as a part of the requested URL.

A session exists on the server until it becomes invalid or the server is stopped.

The HttpSession objects are used to store the session data in the current servlet context.

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Using Session Object

Session object can be used to store and read data.

The session object acts almost like a bulletin board from where the objects can be written or read

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Using Session Object Contd…

The request() method requests for the session object.

// Obtain a session object

HttpSession session = request.getSession(true);

//Add an item to the session

Integer sessionData = new Integer (100);

Session.putValue(“IntValue”, sessionData);

Obtains a session object

Adds item to the session object

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Using Session Object Contd…

 The session value can be read and cast to the appropriate object type.

// Obtain a session object

HttpSession session = request.getSession(true);

// Read the session data and cast it to the appropriate object type

Integer sessionInt = (Integer) session.getValue(“session”); int count = sessionInt.intValue();

© FPT SOFTWARE – TRAINING MATERIAL – Internal use

Obtains a session object

Reads the session value to appropriate datatype

04e-BM/NS/HDCV/FSOFT v2/3

Using Session Objects – Contd…

 The session can be invalidated using the invalidate() method of the

HttpSession object.

<%

String sessionval=(String)session.getAttribute("userid"));

{ if(sessionval == null)

{ session.setAttribute("userid",sessionval); out.println(session.getAttribute("userid"));

} else out.println("User Session already created");

}

%>

<b>click this link to

<a href="<%=session.removeAttribute("userid")%>">remove session attribute</a></b><br/>

<b>click this link to <a href="<%=session.invalidate()%>"> invalidate the session</a></b><br/>

© FPT SOFTWARE – TRAINING MATERIAL – Internal use

Accepts

If to userid userid sessionval null, the value of sessionval is set

.

Removes the session

Invalidates the session is

04e-BM/NS/HDCV/FSOFT v2/3

Using Session Object – Contd…

The binding of objects to a request object is similar to the storing of the object in a session

An object bound to a request is available only for the life of that particular request

An object can be bound using the setAttribute(String key, Object obj) method in the HttpRequest interface

An object can be retrieved using the getAttribute(String key) method.

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Extending Java Server Pages

The superclass may offer several benefits, such as, a set of utilities, which may not be offered by the standard packages

In order to extend a JSP from a superclass, both the superclass and the extended JSP must follow several requirements

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Superclass

A superclass must implement the HttpJspPage interface to use the HTTP protocol or it must implement the JSP interface.

The superclass should include:

All methods from the Servlet Interface and must be declared as final.

The Service() method that should invoke the

_ jspService() method.

The init() method that should invoke the jspInit() method.

The destroy() method that should invoke the jspDestroy() method

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

JSP Sub-class

A JSP sub-class should provide jspInit() method and jspDestroy() method.

<%@ page extends = “servlet.JSPBase” %>

<%! public void jspInit(){ } public void jspDestroy(){ }

%>

<% out.println(“<B> User Name: </B>” + getUser(request) + “<P>”); out.println(“<B> Catalog: </B>” + getCatalog(request));

%>

Empty methods that satisfy the JSP subclassing conditions

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Summary

Session is a long-term connection that uses the session layer of a network layer protocol

Session acts as a link between the server and the client events

Web server uses the session to post client events to the server objects

Server objects utilize the session for passing messages to the client and listening to client events

The different methods of session object includes:

 getAttribute()

 getAttributeNames() getCreationTime() getId() getLastAccessedtime() getMaxInactiveInterval() removeAttribute() setAttribute() setMaxInactiveInterval()

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Summary – Contd…

Session tracking maintains a session till the user browses the Web site

The session tracking feature contained in the servlets or JSP container maintains the state of a Web browser

Cookies are text files stored on the user’s computer containing the session Id of the user, sent by the Web server

A Cookie is sent back to the Web server with every subsequent request made by the user in the same session

URL rewriting works with Web browsers that do not support cookies or the cookies that are disabled on a Web browser

The information from the Web browser is returned to the server in the form of HTTP parameters

Hidden form fields are used to store information about a session.

Hidden form field helps to carry the information from one HTML page to another HTML page

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Summary – Contd…

The server assigns a unique ID to the session created for a particular user request.

The HttpSession object is defined by the HttpSession interface, and is obtained using the getSession() method of the HttpServletRequest object.

Session object can be used to store and read data and acts almost like a bulletin board from where the objects can be written or read.

When the reading or writing operation is complete, the session can be invalidated using the invalidate() method of the HttpSession object.

Binding of objects to a request object is similar to the storing of the object in a session.

An object can be bound using the setAttribute(String key, Object obj) method in the HttpRequest interface, and can be retrieved using the getAttribute(String key) method.

A superclass must implement the HttpJspPage interface to use the HTTP protocol or it must implement the JSP interface.

A JSP sub-class should provide jspInit() method and jspDestroy() method.

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Q & A

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3

Download