Session Tracking

Servlets
Introduction
For implementing flexible business transactions
across multiple requests and responses, we need two
facilities
Session : The server should be able to identify that a
series of requests from a single client forms a single
working session.
State : The server should be able to remember
information related to previous requests and other
business decisions that are made for requests.
Approaches for session tracking
There are typically 3 approaches for session
tracking:-
1. URL Rewriting
2. Cookies
3. Hidden form fields.

Url Rewriting
In this approach , the token is embedded in each URL .In each dynamically
generated page, the server embeds an extra query parameter,or extra
information,in each URL in the page.When the client submits requests
using such URLs , the token is retransmitted to the server.

For example:
http://www.myserver.com/servlet/demo;uid=mca?name=kiran&div=a
In this example the server is www.myserver.com
and the resource path is /demo;uid=mca, rest is the query string.
Here uid is unique token having value=mca

Cookies
Cookies are one of the most refined forms of
token that clients and servers can exchange. A
cookie contains a name-value pair with certain
additional attributes, exchanged in the response
and request headers.
Web servers send a cookie by sending the Set-
Cookie response header in the following format:
Set-Cookie: Name=value;Comment=COMMENT;
Domain=DomainName;Maxage=seconds;Path=path

For example :
Set-Cookie;uid=mca;Max-age=3600;Domain=.myserver.com

Servlet API provides a class called javax.servlet.http.Cookie that
represents a cookie from the perspective of the servlet.

Cookie c=new Cookie(uid,mca);
c.setMaxAge(60*60);
c.setDomain(.myserver.com);



Hidden Form Fields
In this approach , the unique token is embedded
within each HTML form. For example , the
following HTML specifies an input control of
type HIDDEN

<input type=HIDDEN Name=uid
value=mca>

Session Creation and Tracking
Methods from HttpServletRequest interface for
creating and tracking HttpSession objects are:

public HttpSession getSession(boolean true);
public HttpSession getSession();

HttpSession Interface
HttpSession interface has following methods:
public Object getAttribute(String name)
public Enumeration getAttributes()
public long getCreationTime()
public String getID()
public long getLastAccessedTime()
public int getMaxInactiveInterval()
public void invalidate()
public boolean isNew()
public void removeAttribute(String name)
public void setAttribute(String name)
public void setMaxInactiveInterval(int interval)