Servlets – Session Tracking

Session Tracking in Servlets

Session means a particular interval of time. Http protocol is a stateless protocol. Each time user sends requests to the server, server treats the request as the new request. So we need to maintain the state of an user to recognize to particular user. Session Tracking is a way to maintain state (data) of an user. It is also known as session management in servlet.


 Session Tracking Techniques

There are four techniques used in Session tracking:

  1. Cookies
  2. URL Rewriting
  3. HttpSession

 Cookies in Servlet

A cookie is a small piece of information that is persisted between the multiple client requests. A cookie has a name, a single value, and optional attributes such as a comment, path and domain qualifiers, a maximum age, and a version number.

Cookie – Working

By default, each request is considered as a new request. In cookies technique, we add cookie with response from the servlet. This cookie information is stored in the cache of the browser. After that if request is sent by the user, cookie is added with request by default. Thus, we recognize the user as the old user.

Types of Cookie – There are 2 types of cookies in servlets.
  1. Non-persistent cookie
    • It is valid for single session only. It is removed each time when user closes the browser.
  2. Persistent cookie
    • It is valid for multiple sessions. It is not removed each time the user closes the browser. It is removed only if user logout or signout.
Advantage of Cookies
  1. Simplest technique of maintaining the state.
  2. Cookies are maintained at client side.
Disadvantage of Cookies
  1. It will not work if cookie is disabled from the browser.
  2. Only textual information can be set in Cookie object.

 URL Rewriting

In URL rewriting, we append a token or identifier to the URL of the next Servlet or the next resource. We can send parameter name/value pairs using the following format:

url?name1=value1&name2=value2&??

A name and a value is separated using an equal = sign. Multiple parameter name/value pairs are separated from one another using the ampersand (&). When the user clicks the hyperlink, the parameter name/value pairs will be passed to the server. From a Servlet, we can use getParameter() method to obtain a parameter value.

Advantage of URL Rewriting
  1. It will always work whether cookie is disabled or not (browser independent).
  2. Extra form submission is not required on each pages.
Disadvantage of URL Rewriting
  1. It will work only with links.
  2. It can send only textual information.

HttpSession interface

In such case, container creates a session id for each user. The container uses this id to identify the particular user. An object of HttpSession can be used to perform two tasks:

  1. bind objects
  2. view and manipulate information about a session, such as the session identifier, creation time, and last accessed time.

 

How to get the HttpSession object ?

The HttpServletRequest interface provides two methods to get the object of HttpSession:

  1. public HttpSession getSession():Returns the current session associated with this request, or if the request does not have a session, creates one.
  2. public HttpSession getSession(boolean create):Returns the current HttpSession associated with this request or, if there is no current session and create is true, returns a new session.

 

Commonly used methods of HttpSession interface
  1. public String getId():Returns a string containing the unique identifier value.
  2. public long getCreationTime():Returns the time when this session was created, measured in milliseconds since midnight January 1, 1970 GMT.
  3. public long getLastAccessedTime():Returns the last time the client sent a request associated with this session, as the number of milliseconds since midnight January 1, 1970 GMT.
  4. public void invalidate():Invalidates this session then unbinds any objects bound to it.

Example Program  – Link

  1. Session Management using Cookies 
  2. Session Management using Servlets