In this method, we rewrite the URL and append the information to the URL to keep the track of the values. URL Rewriting can be used to maintain the session. We can maintain session using URL rewriting.
There are several methods to maintain session between client and server, see all types of method here
Lets see an example
<%--Document:index Created on:16Aug,2012,4:22:58PM Author:Abhishek--%>
User Authorization is the most common way to maintain session between client and server.
A user has to sign-in into the application using their credentials. Once the user submits the form by filling the correct credentials a session gets created on the server that will be used during the entire user session.
Use these credentials to make this form work:
Once you run the code, you will see a cookie has been created with name “JSESSIONID”. This JSESSIONID is assigned by the apache tomcat server to the client or browser.
Expiration of this JSESSIONID can be configured in web.xml file.
A cookie will be set, when you click on the ‘Cookies’ link. You can give any name to the link, Apple, for example.
This cookie is created using the code above.
In this port of Playing with Session in Java, we will explore some of the concepts of session and try to understand what session is:
What is session?
Session is a concept that is use to maintain connection between client and server.
In easy words its client and server interacts using session. Server recognizes client by validating clients session information.
Why session is needed?
As HTTP is a stateless protocol so a method/way was needed to maintain session or to know recognize the client.
Sessions do not last forever. A session either expires automatically, after a set time of inactivity (for the Java Web Server the default is 30 minutes), or manually by explicitly invalidating using a servlet. When a session expires (or is invalidated), the HttpSession object and the data values it contains are removed from the system.
How to maintain session?
2. User Authorization
3. URL rewriting
4. Hidden Fields
5. Session tracking API
We will discuss of these methods with example, but before that we would like to clear some basic precision’s about session
* You don’t need login/logout mechanisms in order to have sessions.
* In java servlets, HTTP sessions are tracked using two mechanisms, HTTP cookie (the most commonly used) or URL rewriting (to support browser without cookies or with disabled cookies). Using only cookies is simple, you don’t have to do anything special. For URL re-writing, you need to modify all URLs pointing back to your servlets/filters.
* Each time you call request.getSession(true), the HttpRequest object will be inspected in order to find a session ID encoded either in a cookie OR/AND in the URL path parameter (what’s following a semi-colon). If the session ID cannot be found, a new session will be created by the servlet container (i.e. the server).
* The session ID is added to the response as a Cookie. If you want to support URL re-writing also, the links in your HTML documents should be modified using the response.encodeURL() method. Calling request.getSession(false) or simply request.getSession() will return null in the event the session ID is not found or the session ID refers to an invalid session.
* There is a single HTTP session by visit, as Java session cookies are not stored permanently in the browser. So sessions object are not shared between clients. Each user has his own private session.
Sessions are destroyed automatically if not used for a given time. The time-out value can be configured in the web.xml file.
* A given session can be explicitly invalidated using the invalidate() method.
When people are talking about JSESSIONID, they are referring to the standard name of the HTTP cookie used to do session-tracking in Java.
Now lets see the methods in which session can be maintained: 1. Cookies: Maintaining session using cookies is the simplest method, you don’t have to do anything special. In java when you opens a website or webpage a session is assign by the browser and these cookies has some expiration time.
See the below screen shot. Here a simple jsp page is displayed and Apache tomcat itself gives it a session id.
You can also create set your own cookie if you want to save anything in browser’s cookie, just like shopping carts do to save the products visited by the user. This helps to keep track the products visited by the user even the user not is logged in.
3. URL rewriting: In this method you need to modify all URLs pointing back to your servlets/filters.
View URL Rewriting Example
4. Hidden Fields
This method is use when there is a need to send some values with the form on submit.
The value set in the hidden field can not be seen on the GUI but present as hidden values.
Syntax of representing hidden value in the form:
View Hidden Field Example
5. Session tracking API
NOTE: This project is on Google drive so, to download this project you first need to add this to your Google drive then you will get the option to download it.