Maintain Session using URL Rewriting

In this method, we rewrite the URL and append the information to the URL to keep the track of the values. URL Rewriting can be used to maintain the session. We can maintain session using URL rewriting.

There are several methods to maintain session between client and server, see all types of method here

Lets see an example


How to maintain Session?


URL rewriting

Once you click on the URL rewriting link class will append p3lang in the URL. See below code of

This rewrite.jsp page is the response page. This page will display the value that we have sent in the URL.


Index page
URL Rewriting
Rewritten URL
URL Rewriting 1

Maintain Session using User Authorization

We can maintain session using User Authorization, the most common method.
Maintain Session using User Authorization is the second method in the series of post.

User Authorization is the most common way to maintain session between client and server.
A user has to sign-in into the application using their credentials. Once the user submits the form by filling the correct credentials a session gets created on the server that will be used during the entire user session.

Use these credentials to make this form work:
Password: session

This page contains the login form.

If the user successfully logged in then, this welcome page will get displayed. This welcome page will display the hello message and email id of the user.






In the above screenshot, you can see the login form. We haven’t logged in yet, the session present is the session that is by default assign by the Apache tomcat server to the browser.

Now let’s login with the credentials.


Using this method, We have set session in apache tomcat server not in cookies,

Below is the code snippet to display the session value on the webpage

Maintain Session using Cookies in jsp servlet

Session can be maintained using browser cookies.
Here in this post, we will see how to Maintain Session using Cookies in JSP servlet.

It is very simple to maintain session using cookies, you just need to create an object of Cookie Class then call addCookie() method on response.

Code Snippet:

See full example below:






Once you run the code, you will see a cookie has been created with name “JSESSIONID”. This JSESSIONID is assigned by the apache tomcat server to the client or browser.
Expiration of this JSESSIONID can be configured in web.xml file.

A cookie will be set, when you click on the ‘Cookies’ link. You can give any name to the link, Apple, for example.
This cookie is created using the code above.


Playing with Session in Java

In this port of Playing with Session in Java, we will explore some of the concepts of session and try to understand what session is:

What is session?
Session is a concept that is use to maintain connection between client and server.
In easy words its client and server interacts using session. Server recognizes client by validating clients session information.

Why session is needed?
As HTTP is a stateless protocol so a method/way was needed to maintain session or to know recognize the client.

Sessions do not last forever. A session either expires automatically, after a set time of inactivity (for the Java Web Server the default is 30 minutes), or manually by explicitly invalidating using a servlet. When a session expires (or is invalidated), the HttpSession object and the data values it contains are removed from the system.

How to maintain session?
1. Cookies
2. User Authorization
3. URL rewriting
4. Hidden Fields
5. Session tracking API
We will discuss of these methods with example, but before that we would like to clear some basic precision’s about session

* You don’t need login/logout mechanisms in order to have sessions.

* In java servlets, HTTP sessions are tracked using two mechanisms, HTTP cookie (the most commonly used) or URL rewriting (to support browser without cookies or with disabled cookies). Using only cookies is simple, you don’t have to do anything special. For URL re-writing, you need to modify all URLs pointing back to your servlets/filters.

* Each time you call request.getSession(true), the HttpRequest object will be inspected in order to find a session ID encoded either in a cookie OR/AND in the URL path parameter (what’s following a semi-colon). If the session ID cannot be found, a new session will be created by the servlet container (i.e. the server).

* The session ID is added to the response as a Cookie. If you want to support URL re-writing also, the links in your HTML documents should be modified using the response.encodeURL() method. Calling request.getSession(false) or simply request.getSession() will return null in the event the session ID is not found or the session ID refers to an invalid session.

* There is a single HTTP session by visit, as Java session cookies are not stored permanently in the browser. So sessions object are not shared between clients. Each user has his own private session.
Sessions are destroyed automatically if not used for a given time. The time-out value can be configured in the web.xml file.

* A given session can be explicitly invalidated using the invalidate() method.
When people are talking about JSESSIONID, they are referring to the standard name of the HTTP cookie used to do session-tracking in Java.


Now lets see the methods in which session can be maintained:
1. Cookies: Maintaining session using cookies is the simplest method, you don’t have to do anything special. In java when you opens a website or webpage a session is assign by the browser and these cookies has some expiration time.

See the below screen shot. Here a simple jsp page is displayed and Apache tomcat itself gives it a session id.

session cookie

You can also create set your own cookie if you want to save anything in browser’s cookie, just like shopping carts do to save the products visited by the user. This helps to keep track the products visited by the user even the user not is logged in.

View Cookies Example

2. User Authorization
Mostly used method to create session between client and server. In this method user has to fill the credentials to get authorization to use the application.

View User Authorization Example

3. URL rewriting: In this method you need to modify all URLs pointing back to your servlets/filters.

View URL Rewriting Example

4. Hidden Fields
This method is use when there is a need to send some values with the form on submit.
The value set in the hidden field can not be seen on the GUI but present as hidden values.
Syntax of representing hidden value in the form:

View Hidden Field Example

5. Session tracking API

Download Project
NOTE: This project is on Google drive so, to download this project you first need to add this to your Google drive then you will get the option to download it.

JSTL Tags in Jsp

JSTL is stands for JSP – standard Tag Library

JSTL gives the collection of jsp tags that are very useful if you are not using any framework like Struts2.

File Structure





Download jstl.jar




Download JSTL Hello Example