W Eb P Rogramming and & U Ser I Nterface D Esign Week 3

Download as ppt, pdf, or txt
Download as ppt, pdf, or txt
You are on page 1of 17

Web Programming and &

User Interface Design


Week 3
Learning Objectives
 Server side Validation with Login form
 Introduction to Sessions
 Java Server Pages and MVC architecture
INTRODUCTION TO
Sessions
Objectives
 To review the problem that the HTTP
connectionless environment poses for E-
Commerce
 Solution 1: hidden fields
 Solution 2: cookies
 Solution 3. session control
Websphere Java Servlet
Request Processing
Client http://eagle.acadiau.ca/demo/servlet/HelloWorld
Browser

HTML
Tomcat
HTTP
Internet App. Server
Internet Server
JVM
servlet/HelloWorld

HelloWorld.class
demo/servlet/ equates to
…/demo/WEB-INF/classes/HelloWorld.class
HTTP is Connectionless
 The HTTP protocol is connectionless
 Knowledge of prior pages visited or, for
example, products placed in a shopping cart
are easily lost
 So how can server applications maintain a
sense of a session with a client?
– hidden fields
– cookies
– session control
Hidden Fields in HTML
 Solution comes from CGI period
 Server hides session information within HTML
returned to the client
 FORM field INPUT type can be set to “hidden”
<INPUT TYPE=“hidden” NAME=“itemsbought”
VALUE=“209087,342901”>
 Field name and value will be returned to the server
by the client when the client submits the form
request to the server
Hidden Fields in HTML

 Problems with this method?


– User can see the hidden info (use source view)
– Causes a lot of additional HTTP traffic
– Session info is lost if HTML (that contains
hidden fields) is lost
Servlets and Cookies
 Solution comes from CGI period but has evolved with
Java servlets
 Servlets send a small piece of data to the client that gets
written to a secure disk area:
How does the servlet do this?
Cookie c = new Cookie(name, value);

response.addCookie(c)
 So the session data (products placed in the users shopping
cart) can be stored in cookie
 Or simply an ID can be placed in the cookie and the server
can maintain the session data
Servlets and Cookies
 Client browsers will check to see if there is
a cookie associated with any request to a
server (URL) or a particular server/path …
The server can establish the URL specifics:
Cookie c = new Cookie(name, value);
c.setDomain(“eagle.acadiau.ca”);
c.setPath(“/”);
 Could be more specific if desired … the
above is the default
Servlets and Cookies
 Whenever a new request is sent to the
server it checks to see if a cookie is
included:
Cookie[] cookies = request.getCookies();
for (int i = 0; i < cookies.length; i++) {
Cookie c = cookies[i];
String name = c.getName();
String value = c.getValue();

}
Servlets and Cookies
 Problems with this method?

– Cookies have limit life (servlet, browser) and size


(4k bytes)

– Maximum number of cookies set by browser

– User may disable cookie acceptance

– Can be inefficient in terms of data communications


Servlets and Sessions
 Solution is most commonly used with Java
servlets and JSPs
 The Servlet JDK comes with HTTP class
that facilitates session management -
HttpSession
 A session is a connection between a client
and server that persists over multiple HTTP
request / responses
Servlets and Sessions
 A new session is established by using the
getSession() method of HttpSession class:
HttpSession session = req.getsession(true);
 If parameter = “true” the servlet engine checks to
see if an session already exists, if so a handle is
returned, otherwise a new session is created
 Therefore, more than one servlet can participate in
a session
 Cookies are used to identify a session on the client
Servlets and Sessions
Session objects contain various information:
HttpSession session = request.getSession();

out.println(rb.getString("sessions.id") + " " + session.getId());


out.println("<br>"); [NOTE: rb is a resource bundle class – replace
rb.getString() with ASCII text for your own purposes]

out.println(rb.getString("sessions.created") + " ");


out.println(new Date(session.getCreationTime()) + "<br>");

out.println(rb.getString("sessions.lastaccessed") + " ");


out.println(new Date(session.getLastAccessedTime()));
Servlets and Sessions
 Data stored as attribute-value pairs
 Three key HttpSession methods:
– setAttribute(dataName, dataValue)
– getAttributeNames(), getAttribute(dataName)
 Examples:
String dataName = request.getParameter("dataname");
String dataValue = request.getParameter("datavalue");
if (dataName != null && dataValue != null) {
session.setAttribute(dataName, dataValue);
}

Enumeration names = session.getAttributeNames();


while (names.hasMoreElements()) {
String name = (String) names.nextElement();
String value = session.getAttribute(name).toString();
out.println(name + " = " + value + "<br>");
}
THE END

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy