ZeePedia

JAVA: Session Tracking 1

Web Design & Development - CS506
VU
Lesson 31
Session Tracking
We discussed the importance of session tracking in the previous handout. Now we'll look at the
basic techniques used for session tracking. Cookies are one of these techniques and remain our focus in this
handout. Cookies can be used to put small pieces of information on the client's machine and can be used for
various other purposes besides session tracking. An example of a simple "Online Book Store" built using
cookies will also be surveyed.
As mentioned elsewhere, HTTP is a stateless protocol. Every request is considered independent of every
other request. But many applications need to maintain a conversational state with the client. A shopping
cart is a classical example of such conversational state.
Store State Somewhere
To maintain the conversational state, the straightforward approach is to store the state. But where? State
can be stored either on the server or on the client. Both options have their merits and demerits.
Let's cast a glance at these options:
Storing state on the server side makes the server really complicated, as state needs to be stored for each client.
One can imagine how much space and processing this requires when some web servers, e.g. Google
and Yahoo, are hit more than a hundred times a second.
What if state is stored on the client side in order to maintain a conversation? Do all clients permit you
to do that? What if the client (user) wipes this state from the machine?
Concluding this discussion, state is stored neither completely on the server side nor on the client. State is
maintained by the mutual cooperation of both client and server. Generally, modern servers give the capability
to store state on the server side, and some information (e.g. client ID/state ID) passed from the client
relates each client to its corresponding state.
Post-Notes
In order to maintain the conversational state, the server puts little notes (some text, values etc.) on the client
side. When the client submits the next form, it also unknowingly submits these little notes. The server reads these
notes and is able to recall who the client is.
Three Typical Solutions
Three typical solutions are used to accomplish session tracking. These are:
1. Cookies
2. URL Rewriting
3. Hidden Fields
Cookies
What is a cookie?
Don't be tempted! These are not what you might be thinking of. In fact, in computer terminology, "a
cookie is a piece of text that a web server can store on a client's (user) hard disk".
Cookies allow web sites to store information on a client machine and later retrieve it. The pieces of
information are stored as name-value pairs on the client. Later, while reconnecting to the same site (or the same
domain, depending upon the cookie settings), the client returns the same name-value pairs to the server.
Cookie's Voyage
To reveal the mechanism of cookies, let's take an example. We are assuming here that the web
application we are using will set some cookies.
If you type the URL of a web site into your browser, your browser sends a request for that web page
o  For example, when you type www.amazon.com, a request is sent to Amazon's server
Before sending a request, the browser looks for cookie files that Amazon has set
o  If the browser finds one or more cookie files related to Amazon, it sends them along with the
   request
o  If not, no cookie data is sent with the request
The Amazon web server receives the request and examines it for cookies
o  If cookies are received, Amazon can use them
o  If no cookie is received, Amazon knows that you have not visited before or that the cookies
   that were previously set have expired
o  The server creates a new cookie and sends it to your browser in the header of the HTTP
   response so that it can be saved on the client machine
Potential Uses of Cookies
Whether cookies have more pros or cons is arguable. However, cookies are helpful in the following
situations:
Identifying a user during an e-commerce session. For example, this book was added to the shopping
cart by this client.
Avoiding re-entering the username and password, as cookies are saved on your machine.
Customizing a site. For example, you might like your email inbox to look different from others'. This
sort of information can be stored in the form of cookies on your machine and later be used to
format the inbox according to your choice.
Focused advertising. For example, a web site can store information in the form of cookies about
the kinds of books you mostly hunt for.
Sending Cookies to Browser
Following are some basic steps to send a cookie to a browser (client).
1. Create a Cookie Object
A cookie object can be created by calling the Cookie constructor, which takes two strings: the
cookie name and the cookie value.
Cookie c = new Cookie ("name", "value");
2. Setting Cookie Attributes
Before adding the cookie to outgoing headers (response), various characteristics of the cookie can
be set. For example, whether the cookie persists on the disk or not and, if so, for how long.
By default, a cookie lasts only for the current user session (i.e. until the user quits the session) and
is not stored on the disk.
The setMaxAge(int lifetime) method indicates how much time (in seconds) should elapse before
the cookie expires.
c.setMaxAge(60 * 60); // expires after one hour
3. Place the Cookie into HTTP response
After making changes to cookie attributes, the most important step, and one that must not be forgotten,
is to add the newly created cookie to the response. If you forget this step, no cookie will be sent to the
browser.
response.addCookie(c);
Reading Cookies from the Client
To read the cookies that come back from the client, the following steps are generally followed.
1. Reading incoming cookies
To read incoming cookies, get them from the HttpServletRequest object by calling the
following method:
Cookie cookies[] = request.getCookies();
This call returns an array of Cookie objects corresponding to the names & values that came in the
HTTP request header.
2. Looping down Cookies Array
Once you have an array of cookies, you can iterate over it. Two important methods of the Cookie class
are getName() & getValue(). These are used to retrieve the cookie name and value respectively.
// getCookies() returns null when the request carries no cookies
if (cookies != null) {
    // looping down the whole cookies array
    for (int i = 0; i < cookies.length; i++) {
        // getting each cookie from the array
        Cookie c = cookies[i];
        // in search for particular cookie
        if (c.getName().equals("someName")) {
            /* if found, you can do something with the cookie or with the help of the cookie.
               If you don't want to process further, the loop can also be stopped using a
               break statement */
        }
    } // end for
} // end if
Example Code1: Repeat Visitor
In the example below, the servlet checks for a unique cookie named "repeat". If the cookie is present, the servlet
displays "Welcome Back". Absence of the cookie indicates that the user is visiting this site for the first time,
so the servlet displays the message "Welcome Aboard".
This example contains only one servlet, "RepeatVisitorServlet.java", and its code is given below. A code
snippet of web.xml also accompanies it.
Note: As a reminder, all these examples are built using NetBeans 4.1. This IDE will write web.xml for you.
However, it is given here for your reference only, or for those who are not using any IDE, to
strengthen their concepts.
RepeatVisitorServlet.java
import java.io.*;
import java.net.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class RepeatVisitorServlet extends HttpServlet {

    // Handles the HTTP GET method.
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    // Handles the HTTP POST method.
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    // called from both doGet() & doPost()
    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        response.setContentType("text/html");
        PrintWriter out = response.getWriter();

        // writing html
        out.println("<html>");
        out.println("<body>");
        out.println("<h2>Cookie Example </h2>");

        String msg = "";
        boolean repeatVisitor = false;

        // reading cookies
        Cookie[] cookies = request.getCookies();

        // if cookies are returned from request object
        if (cookies != null) {
            // search for cookie -- repeat
            for (int i = 0; i < cookies.length; i++) {
                // retrieving one cookie out of array
                Cookie c = cookies[i];
                // retrieving name & value of the cookie
                String name = c.getName();
                String val = c.getValue();
                // confirming if cookie name equals "repeat" and
                // value equals "yes"
                if (name.equals("repeat") && val.equals("yes")) {
                    msg = "Welcome Back";
                    repeatVisitor = true;
                    break;
                }
            } // end for
        } // end if

        // if no cookie with name "repeat" is found
        if (repeatVisitor == false) {
            // create a new cookie
            Cookie c1 = new Cookie("repeat", "yes");
            // setting time (in seconds) after which the cookie expires: one hour
            c1.setMaxAge(60 * 60);
            // adding cookie to the response
            response.addCookie(c1);
            msg = "Welcome Aboard";
        }

        // displaying message value
        out.println("<h2>" + msg + "</h2>");
        out.println("</body>");
        out.println("</html>");
        out.close();
    }
} // end RepeatVisitorServlet
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app>
    <servlet>
        <servlet-name>RepeatVisitorServlet</servlet-name>
        <servlet-class>RepeatVisitorServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>RepeatVisitorServlet</servlet-name>
        <url-pattern>/repeatexample</url-pattern>
    </servlet-mapping>
</web-app>
Output
On visiting this URL for the first time, an output similar to the one given below would be displayed.
On refreshing this page or revisiting it within an hour (since the age of cookie was set to 60 mins),
the following output should be expected.
Example Code2: Online Book Store using cookies
A scaled-down version of an online book store is going to be built using cookies. For the first time,
cookies will be used to maintain the session.
Three books will be displayed to the user along with check boxes. The user can select any check box to add the
book to the shopping cart. The heart of the application is that it remembers the books previously selected by the
user.
The following figure will help you understand the theme of this example. Books displayed under the
heading "You have selected the following books" were added to the cart one after another. The important
thing is that the server remembers the books previously added by the same user and thus maintains the session.
Session management is accomplished using cookies.
The Online Book Store example revolves around one servlet, ShoppingCartServlet.java. This servlet has one global
HashMap (globalMap) in which the HashMaps of individual users (sessionInfo) are stored. Each
sessionInfo HashMap stores the books selected by that user.
What part do cookies play? A cookie (named JSESSIONID, with a unique value) is used to keep the unique
sessionID associated with each user. This sessionID is passed back and forth between the user and the server
and is used to retrieve the user's HashMap (sessionInfo) from the global HashMap at the server. It
should be noted here that the HashMaps of individual users are stored in the global HashMap against a
sessionID.
ShoppingCartServlet.java
import java.io.*;
import java.net.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class ShoppingCartServlet extends HttpServlet {

    // used to generate a unique value which is
    // used as a cookie value
    public static int S_ID = 1;

    // used to store HashMaps of individual users
    public static HashMap globalMap = new HashMap();

    // Handles the HTTP GET method.
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    // Handles the HTTP POST method.
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    // called from both doGet() & doPost()
    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        response.setContentType("text/html;charset=UTF-8");

        // declaring user's HashMap
        HashMap sessionInfo = null;
        String sID = "";

        // method findCookie is used to determine whether browser
        // has sent any cookie named "JSESSIONID"
        Cookie c = findCookie(request);

        // if a cookie named "JSESSIONID" is found, retrieve a HashMap from the
        // globalMap against the cookie value i.e. the unique string which is
        // your sessionID
        if (c != null) {
            sessionInfo = (HashMap) globalMap.get(c.getValue());
        }

        // if no cookie named "JSESSIONID" is received, the user is visiting the
        // site for the first time. The lookup above also returns null when the
        // cookie carries an ID the server does not know; that case is handled
        // the same way instead of failing later with a NullPointerException.
        if (sessionInfo == null) {
            // make a unique string
            sID = makeUniqueString();
            // creating a HashMap where books selected by the
            // user will be stored
            sessionInfo = new HashMap();
            // add the user's HashMap (sessionInfo) into the
            // globalMap against unique string i.e. sID
            globalMap.put(sID, sessionInfo);
            // create a cookie named "JSESSIONID" along with
            // value of sID i.e. unique string
            Cookie sessionCookie = new Cookie("JSESSIONID", sID);
            // add the cookie to the response
            response.addCookie(sessionCookie);
        }

        PrintWriter out = response.getWriter();
        out.println("<html>");
        out.println("<head>");
        out.println("<title>Shopping Cart Example</title>");
        out.println("</head>");
        out.println("<body>");
        out.println("<h1>Online Book Store</h1>");

        String url = "http://localhost:8084/cookiesessionex/shoppingcartex";

        // user will submit the form to the same servlet
        out.println("<form action=" + url + ">" +
            "<h3><input type=checkbox name=firstCB value=firstCB />" +
            " java core servlets</h3>" +
            "<br>" +
            "<h3><input type=checkbox name=secondCB value=secondCB />" +
            " java how to program</h3>" +
            "<br>" +
            "<h3><input type=checkbox name=thirdCB value=thirdCB />" +
            " java complete reference</h3>" +
            "<br>" +
            "<input type=submit value=\"Add to Cart\" />" +
            "</form>"
        );
        out.println("<br/>");
        out.println("<h1>You have selected the following books</h1>");
        out.println("<br/>");

        // retrieving params of check boxes
        String fBook = request.getParameter("firstCB");
        String sBook = request.getParameter("secondCB");
        String tBook = request.getParameter("thirdCB");

        // if first book is selected then add it to
        // user's HashMap i.e. sessionInfo
        if (fBook != null && fBook.equals("firstCB")) {
            sessionInfo.put("firstCB", "java core servlets");
        }
        // if second book is selected then add it to
        // user's HashMap i.e. sessionInfo
        if (sBook != null && sBook.equals("secondCB")) {
            sessionInfo.put("secondCB", "java how to program");
        }
        // if third book is selected then add it to
        // user's HashMap i.e. sessionInfo
        if (tBook != null && tBook.equals("thirdCB")) {
            sessionInfo.put("thirdCB", "java complete reference");
        }

        // used to display the books currently stored in
        // the user's HashMap i.e. sessionInfo
        printSessionInfo(out, sessionInfo);

        out.println("</body>");
        out.println("</html>");
        out.close();
    } // end processRequest()

    // method used to generate a unique string
    public String makeUniqueString() {
        return "ABC" + S_ID++;
    }

    // returns a reference to the global HashMap.
    public static HashMap findTableStoringSessions() {
        return globalMap;
    }

    // method used to find a cookie named "JSESSIONID"
    public Cookie findCookie(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (int i = 0; i < cookies.length; i++) {
                Cookie c = cookies[i];
                if (c.getName().equals("JSESSIONID")) {
                    // doSomethingWith cookie
                    return c;
                }
            }
        }
        return null;
    }

    // used to print the books currently stored in
    // user's HashMap i.e. sessionInfo
    public void printSessionInfo(PrintWriter out, HashMap sessionInfo) {
        String title = "";
        title = (String) sessionInfo.get("firstCB");
        if (title != null) {
            out.println("<h3> " + title + "</h3>");
        }
        title = (String) sessionInfo.get("secondCB");
        if (title != null) {
            out.println("<h3> " + title + "</h3>");
        }
        title = (String) sessionInfo.get("thirdCB");
        if (title != null) {
            out.println("<h3> " + title + "</h3>");
        }
    }
} // end ShoppingCartServlet
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app>
    <servlet>
        <servlet-name>ShoppingCart</servlet-name>
        <servlet-class>ShoppingCartServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>ShoppingCart</servlet-name>
        <url-pattern>/shoppingcartex</url-pattern>
    </servlet-mapping>
</web-app>
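The sessionID scheme described above, hardened, as an added example that is not part of the original handout: makeUniqueString() yields sequential IDs (ABC1, ABC2, ...), so a client can guess another user's ID and be handed that user's cart. The sketch below is plain Java with no servlet API; the class name SessionStore and its methods are hypothetical. It issues random server-chosen IDs, treats an unknown ID as "no session", and builds a Set-Cookie value carrying the HttpOnly, Secure and SameSite attributes.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical stand-in for globalMap plus makeUniqueString() (added example)
public class SessionStore {
    private static final SecureRandom RNG = new SecureRandom();

    // sessionID -> that user's cart; safe for concurrent request threads
    private final Map<String, Map<String, String>> sessions = new ConcurrentHashMap<>();

    // 128 random bits, URL-safe text: knowing one ID says nothing about the next
    static String newSessionId() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Creates a session under a server-chosen ID; an ID supplied by the
    // client is never adopted as a key
    String create() {
        String id = newSessionId();
        sessions.put(id, new ConcurrentHashMap<>());
        return id;
    }

    // Returns the cart for an ID the server issued, or null for a missing or
    // unknown ID, in which case the caller starts a fresh session with create()
    Map<String, String> lookup(String idFromCookie) {
        return idFromCookie == null ? null : sessions.get(idFromCookie);
    }

    // Value of the Set-Cookie response header: HttpOnly hides the ID from page
    // scripts, Secure keeps it off plain HTTP, SameSite limits cross-site sends.
    // No Max-Age, so the cookie lasts only for the browser session.
    static String setCookieHeader(String id) {
        return "JSESSIONID=" + id + "; Path=/; HttpOnly; Secure; SameSite=Lax";
    }

    public static void main(String[] args) {
        SessionStore store = new SessionStore();
        String id = store.create();
        store.lookup(id).put("firstCB", "java core servlets");
        System.out.println("Set-Cookie: " + setCookieHeader(id));
        System.out.println("issued ID  -> " + store.lookup(id));
        // "ABC1" is a constructed sample of an ID this store never issued
        System.out.println("guessed ID -> " + store.lookup("ABC1"));
    }
}
```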