Comp1503 Introduction to E-Commerce Technology

Aug 7, 2012

Comp2513


Java Servlets and Sessions

Daniel L. Silver, Ph.D.

2001

Daniel L. Silver

2

Objectives


To review the problem that the HTTP connectionless environment poses for E-Commerce

Solution 1: hidden fields

Solution 2: cookies

Solution 3: session control

Reference: DDEA Ch.7, Sharma p.110-122 and EJP (Ch.4) p.48-63



Websphere Java Servlet Request Processing

[Diagram labels: Browser (Client), Internet, HTTP Server, Tomcat App. Server, JVM, HelloWorld.class, servlet/HelloWorld, HTML]

Request URL: http://eagle.acadiau.ca/demo/servlet/HelloWorld

demo/servlet/ equates to …/demo/WEB-INF/classes/HelloWorld.class


HTTP is Connectionless


The HTTP protocol is connectionless


Knowledge of prior pages visited or, for example, products placed in a shopping cart is easily lost

So how can server applications maintain a sense of a session with a client?


hidden fields


cookies


session control


Hidden Fields in HTML


Solution comes from the CGI period

Server hides session information within the HTML returned to the client

FORM field INPUT type can be set to "hidden":

    <INPUT TYPE="hidden" NAME="itemsbought" VALUE="209087,342901">

Field name and value will be returned to the server by the client when the client submits the form request to the server



Hidden Fields in HTML


Example: http://eagle.acadiau.ca:8080/danstech/HiddenFields.html

Problems with this method?

User can see the hidden info (use source view)

Causes a lot of additional HTTP traffic

Session info is lost if HTML (that contains hidden fields) is lost


Servlets and Cookies


Solution comes from the CGI period but has evolved with Java servlets

Servlets send a small piece of data to the client that gets written to a secure disk area

How does the servlet do this?

    Cookie c = new Cookie(name, value);
    response.addCookie(c);

So the session data (products placed in the user's shopping cart) can be stored in the cookie

Or simply an ID can be placed in the cookie and the server can maintain the session data


Servlets and Cookies


Client browsers will check to see if there is a cookie associated with any request to a server (URL) or a particular server/path. The server can establish the URL specifics:

    Cookie c = new Cookie(name, value);
    c.setDomain("eagle.acadiau.ca");
    c.setPath("/");

Could be more specific if desired … the above is the default


Servlets and Cookies


Whenever a new request is sent to the server, it checks to see if a cookie is included:

    Cookie[] cookies = request.getCookies();
    // getCookies() returns null when the request carries no cookies
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            Cookie c = cookies[i];
            String name = c.getName();
            String value = c.getValue();
        }
    }


Servlets and Cookies

A cookie is established by the server in the HTTP response header:

    Content-type: text/html
    Set-Cookie: name=value; expires=Sat, 26-Aug-95 15:45:30 GMT; path=/; domain=eagle.acadiau.ca

expires= determines the life of the cookie

If expires= is a negative value (default), the cookie expires when the browser exits, so it is never written to disk

expires=0 tells the browser to delete the cookie immediately

To set a cookie's life in seconds use the Cookie method:

    setMaxAge(int expiry)


Servlets and Cookies


Example 1

A Session cookie:

http://eagle.acadiau.ca:8080/examples/servlets/index.html

Full source code: http://eagle.acadiau.ca/demo/CookieExample.java

Example 2

A Persistent Cookie:

http://eagle.acadiau.ca/demo/PersistentCookieExample.html

Full source code: http://eagle.acadiau.ca/demo/PersistentCookieExample.java

Problems with this method?

Cookies have limited life (servlet, browser) and size (4k bytes)

Maximum number of cookies set by browser

User may disable cookie acceptance

Can be inefficient in terms of data communications



Servlets and Cookies


For more information on cookies see

Netscape's Cookie Specification at http://home.netscape.com/newsref/std/cookie_spec.html

Or RFC 2109 at http://www.ietf.org/rfc/rfc2109.txt

Or http://www.cookiecentral.com


Servlets and Sessions


Solution is most commonly used with Java servlets and JSPs

The Servlet JDK comes with an HTTP class that facilitates session management: HttpSession

A session is a connection between a client and server that persists over multiple HTTP requests / responses



Servlets and Sessions


A new session is established by using the getSession() method of HttpSession class:

    HttpSession session = req.getSession(true);

If parameter = "true", the servlet engine checks to see if a session already exists; if so, a handle is returned, otherwise a new session is created

Therefore, more than one servlet can participate in a session

Cookies are used to identify a session on the client



Servlets and Sessions

Session objects contain various information:

    HttpSession session = request.getSession();
    out.println(rb.getString("sessions.id") + " " + session.getId());
    out.println("<br>");
    out.println(rb.getString("sessions.created") + " ");
    out.println(new Date(session.getCreationTime()) + "<br>");
    out.println(rb.getString("sessions.lastaccessed") + " ");
    out.println(new Date(session.getLastAccessedTime()));

[NOTE: rb is a resource bundle class; replace rb.getString() with ASCII text for your own purposes]



Servlets and Sessions


Data stored as attribute-value pairs

Three key HttpSession methods:

setAttribute(dataName, dataValue)

getAttributeNames(), getAttribute(dataName)

Examples:

    String dataName = request.getParameter("dataname");
    String dataValue = request.getParameter("datavalue");
    if (dataName != null && dataValue != null) {
        // Store the submitted pair in the session
        session.setAttribute(dataName, dataValue);
    }

    // List every attribute currently held in the session
    Enumeration names = session.getAttributeNames();
    while (names.hasMoreElements()) {
        String name = (String) names.nextElement();
        String value = session.getAttribute(name).toString();
        // name and value originate from request parameters and should be
        // HTML-escaped before being written into the page
        out.println(name + " = " + value + "<br>");
    }
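
The fragment above writes client-supplied names and values straight into the HTML response. The servlet below is an added example, not the course's SessionExample source, showing the same HttpSession calls with the output escaped and the stored data bounded. It assumes the javax.servlet API at Servlet 3.0 or later; the /session-demo mapping, the "user." key prefix and the length limits are hypothetical.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Date;
import java.util.Enumeration;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;
// Added example: stores a submitted name/value pair in the HttpSession and
// lists the session contents, escaping everything that came from the client.
@WebServlet("/session-demo")                              // hypothetical mapping
public class SessionAttributeServlet extends HttpServlet {
    // Minimal HTML escaping for text placed in element content.
    static String escape(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char ch : s.toCharArray()) {
            switch (ch) {
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '&': sb.append("&amp;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(ch);
            }
        }
        return sb.toString();
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        HttpSession session = request.getSession(true);   // reuse an existing session or create one
        session.setMaxInactiveInterval(30 * 60);          // idle timeout in seconds
        String dataName = request.getParameter("dataname");
        String dataValue = request.getParameter("datavalue");
        // Bound what a client can place into server memory
        if (dataName != null && dataValue != null
                && dataName.length() <= 64 && dataValue.length() <= 256) {
            session.setAttribute("user." + dataName, dataValue);  // prefix keeps client keys apart from app keys
        }
        response.setContentType("text/html; charset=UTF-8");
        PrintWriter out = response.getWriter();
        out.println("Created: " + new Date(session.getCreationTime()) + "<br>");
        Enumeration<String> names = session.getAttributeNames();
        while (names.hasMoreElements()) {
            String name = names.nextElement();
            out.println(escape(name) + " = " + escape(String.valueOf(session.getAttribute(name))) + "<br>");
        }
    }
}
```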




Servlets and Sessions


Example: http://eagle.acadiau.ca:8080/examples/servlets/index.html

Full source code: http://eagle.acadiau.ca/demo/SessionExample.java

Problems with this method?

Normally, HttpSession terminates when the browser is closed

You may wish to have a business session (shopping tour) extend beyond browser closures



THE END


danny.silver@acadiau.ca