In previous chapter I have explained various ways of session tracking (cookie, hidden form field, url rewriting). In this chapter I will explain one more way of session tracking which is HttpSession.
Sessions are server-side files that contain user information, while Cookies are client-side files that contain user information. Sessions have a unique identifier that maps them to specific users. This identifier can be passed in the URL or saved into a session cookie.
Create the session
The HttpServletRequest interface provides two methods to get the object of HttpSession (javax.servlet.http.HttpSession)-
But apart from these methods, some method are also commonly use-
Let's try to understand what happen, when create the session by below diagram-
Above diagram shows that when session object with unique id created by container, This sessions identifier that maps them to specific users. This identifier can be passed in the URL or saved into a session cookie. And later consecutive browser request will include this identifier with it and send to container to identify correct user specific session object.
Store the value/attribute inside Session
To store the value inside session object we can use setAttribute() method. It has two parameter first is for key and second is for value.Session internally uses map to store the value. Hence takes key/value pare from parameter.
session.setAttribute("key", "value");
e.g.
Retrieve the value/attribute from session
To retrieve the value from session we can use getAttribute method()
e.g.
Delete the session
To delete the session use invalidate() method-
e.g
But sometime when user login to the application after Session Times out,we may not
need his previous session data and we need to create a new session for the user.
We can also use
By default time session timeout for tomcat is 30min
We can also configure this timeout value in descriptor file -
Let's take example of session-
Sessions are server-side files that contain user information, while Cookies are client-side files that contain user information. Sessions have a unique identifier that maps them to specific users. This identifier can be passed in the URL or saved into a session cookie.
Create the session
The HttpServletRequest interface provides two methods to get the object of HttpSession (javax.servlet.http.HttpSession)-
- public HttpSession getSession():Returns the current session associated with this request, or if the request does not have a session, creates one.
- public HttpSession getSession(boolean create):Returns the current HttpSession associated with this request or, if there is no current session and create is true, returns a new session.
protected void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
HttpSession session = request.getSession();
}
HttpServletResponse response)
throws ServletException, IOException {
HttpSession session = request.getSession();
}
But apart from these methods, some method are also commonly use-
- public String getId():Returns a string containing the unique identifier value.
- public long getCreationTime():Returns the time when this session was created, measured in milliseconds since midnight January 1, 1970 GMT.
- public long getLastAccessedTime():Returns the last time the client sent a request associated with this session, as the number of milliseconds since midnight January 1, 1970 GMT.
- public void invalidate():Invalidates this session then unbinds any objects bound to it.
Let's try to understand what happen, when create the session by below diagram-
Above diagram shows that when session object with unique id created by container, This sessions identifier that maps them to specific users. This identifier can be passed in the URL or saved into a session cookie. And later consecutive browser request will include this identifier with it and send to container to identify correct user specific session object.
Store the value/attribute inside Session
To store the value inside session object we can use setAttribute() method. It has two parameter first is for key and second is for value.Session internally uses map to store the value. Hence takes key/value pare from parameter.
session.setAttribute("key", "value");
e.g.
session.setAttribute("userName", "XXXX");
Retrieve the value/attribute from session
To retrieve the value from session we can use getAttribute method()
e.g.
String userName = (String) session.getAttribute("userName");
Delete the session
To delete the session use invalidate() method-
e.g
// Get the existing session.
HttpSession session = request.getSession(false);
// Invalidate the existing session, to ensure that all previous session data(s) for the user is removed //from the context.
if(session!=null) {
session.invalidate();
}
HttpSession session = request.getSession(false);
// Invalidate the existing session, to ensure that all previous session data(s) for the user is removed //from the context.
if(session!=null) {
session.invalidate();
}
But sometime when user login to the application after Session Times out,we may not
need his previous session data and we need to create a new session for the user.
// Get the existing session.
HttpSession session = request.getSession(false);
if(session!=null) {
session.invalidate();
}
// Create a new session for the user.
session = request.getSession(true);
HttpSession session = request.getSession(false);
if(session!=null) {
session.invalidate();
}
// Create a new session for the user.
session = request.getSession(true);
We can also use
setMaxInactiveInterval(int interval)
method to set the minimum time to session will be kept alive by the
server when it doesn't get accessed by a client. if you use this method then explicitly no need to call invalidate() method.By default time session timeout for tomcat is 30min
We can also configure this timeout value in descriptor file -
<session-config>
<session-timeout>10</session-timeout>
</session-config> Let's take example of session-
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
// getting current HttpSession associated with this request or, if there
// is no current session and create is true, returns a new session.
HttpSession session = request.getSession(true);
out.println("Session ID: " + session.getId() );
out.println("Is it a new session: " + session.isNew());
out.println("Session Creation time: " + session.getCreationTime());
out.println(new Date(session.getCreationTime()));
out.println("Last accessed time: " + session.getLastAccessedTime());
out.println(new Date(session.getLastAccessedTime()));
out.println("Max in active time interval: " + session.getMaxInactiveInterval());
// Checks whether the requested session ID came in as a cookie
out.println("Session ID came in as a cookie: "+ request.isRequestedSessionIdFromCookie());
Enumeration names = session.getAttributeNames();
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
String value = session.getAttribute(name).toString();
out.println(name + " = " + value );
}
}
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
// getting current HttpSession associated with this request or, if there
// is no current session and create is true, returns a new session.
HttpSession session = request.getSession(true);
out.println("Session ID: " + session.getId() );
out.println("Is it a new session: " + session.isNew());
out.println("Session Creation time: " + session.getCreationTime());
out.println(new Date(session.getCreationTime()));
out.println("Last accessed time: " + session.getLastAccessedTime());
out.println(new Date(session.getLastAccessedTime()));
out.println("Max in active time interval: " + session.getMaxInactiveInterval());
// Checks whether the requested session ID came in as a cookie
out.println("Session ID came in as a cookie: "+ request.isRequestedSessionIdFromCookie());
Enumeration names = session.getAttributeNames();
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
String value = session.getAttribute(name).toString();
out.println(name + " = " + value );
}
}
No comments:
Post a Comment