Professional Documents
Culture Documents
(or)
Session, Session Management &
Client State Persistance
=======================
It means that web servers cant identify this new request is coming from old client
it has been sending request previously.
So for web server every request is a new request, even though client is old client.
What is a session?
A session is a time interval between a client login & logout [or first
request to last request].
Or
For identifying or grouping multiple requests are belongs to the same client
and further for storing & sharing a client's "all requests data" between client and
server in every request & response.
For example:
In mobile recharge operation, the web application must remember mobile number
& recharge amount for the next multiple requests until recharge is completed.
For example:
In a shopping cart application a client keeps on adding items into his cart
in multiple requests. When every request is made, the server should identify in
which clients cart the item is to be added or who is sending checkout request so
that it can charge the amount from correct client.
In first three approaches, requests data can not be stored in server, data is moved
to-&-fro between client & server until last request.
Solution is, from all requests data must be stored in server seperatly for each
client with a unique id (called session id), then session id only must be sent in
every request and respose.
ServletContainer will check for Set-Cookie request header, if exist, then it checks
whether it contains header value with name "jsessionid=BCDGRE5438....." (32 chars)
or not
If doesn't exist, servlet container creates new HttpSession object with sessionid
and one map type buffer object for each session, sends that session object into
servlet service() by wrapping in a request object.
Servlet will further uses that session object to persist client request data.
During the first response servlet container adds jsessionid to response header
"Set-Cookie" and sends to web browser.
Browser stores that information in client harddisk using a temporary file called
"cookie" and resends the jsessionid to web server from the next request onwards.
Q) What are the different ways for changing seesion time out?
A) We have two ways
1. Programmitic approach using
session.setMaxInactiveIntervalTime( 5 );
<session-config>
<session-timeout>5</session-timeout>
</session-config>
Diff #2:
In First approach session time out is applicable to only current
servlet
Diff #3:
In First approach session time out
-> 0 represents session is destroyed immediatly
-> -ve number represents session is never destroyed
General procedure:
1. In websites, we will create session in LoginServlet
2. We will use in BLogic Servlets
3. We will destroy it in LogoutServlet by calling
sesion.invalidate() method
HttpSession Methods:
HttpSession interface provides two set of methods
1. For viewing session information
2. For storing client data in session
Methods for creating session:
======================
public HttpSession getSession()
public HttpSession getSession(boolean create)
A) req.getSession() method always creates new session object and returns its
reference, if session is not existed for this requested client. If already session
is existed, it returns the same session object reference.
req.getSession(false) method will not create new session object, it always returns
existed session object. If session is not existed, it returns null.
Project coding:
In LoginServlet we will call req.getSession() method
to create new session.