Monday, March 1, 2010

Session

Let's see how a web application can become a real mess without sessions.
Manikesh calls a department store and orders some items. The store does not track customers separately, meaning there is no user ID for Manikesh and nothing that uniquely identifies him. He calls again and changes the order; since the store kept no record, it cannot know what Manikesh ordered earlier. At the same time Neeraj calls and orders something. Now the real problem starts: the store does not know who ordered what, and the items get swapped, so Manikesh receives what Neeraj ordered and Neeraj receives what Manikesh ordered.

When a client sends a request to a server, the server looks up the requested result and sends it back. It does not know who the client was or where the request came from, so the next time the same client sends a request, the server has no information about that client. HTTP is by design a stateless protocol, and this made web applications a little complicated. This is where sessions come into the picture.
A web application server may receive plenty of requests at the same time, and if client details are not tracked it is quite possible that a mix-up occurs and a response does not reach the right client. Sessions exist to avoid that mix-up.

Session management helps the server keep a record of each client whenever a request arrives. It can record all information related to the client: what it requested last, how many times the same item was requested, and so on.
An HttpSession object can keep track of the whole conversation across multiple requests from the same client. It lets you track everything that came as a request from the client throughout the application.

The big question is how the server identifies which client made a request.

The connection between client and server exists only for a single request, because HTTP is a stateless protocol: the client sends the request, gets the response, and the connection is closed.
Simple step: on the first request from a client, the server creates a unique session ID for that client, and the client is supposed to send that session ID along with every following request so that the server can easily identify it.
There are multiple ways the session ID can be tracked between client and server:
1. Cookie --> This is the best and simplest way to track the session ID. When a client sends its first request, the server creates a cookie on the client machine and stores the session ID there. The next time the same client makes a request, the server looks for the session ID in the cookie sent with the request. You only have to write one line of code and the rest is taken care of automatically.

HttpSession session = request.getSession();
getSession(boolean create): this method takes a boolean parameter. Calling getSession() with no argument behaves as if true were passed, meaning it will create a session for you if no pre-existing session is available.
If you only want a pre-existing session, pass false: it returns the existing session, or null if there is none, and it will not create a new one.
Note: Cookies are not only meant for session handling; they can be used to exchange name/value string pairs between server and client. A cookie is lost when the browser closes, but you can make it persist even after the browser shuts down.

2. URL Rewriting --> What happens if someone disables cookies? How do we track the session in that case? The server has another option, URL rewriting, to track the session.

In the requested URL, the session ID is added as "jsessionid=?????????".
Note: You should encode the URL before you send it in the response. URL rewriting is used only when cookies are failing.
E.g. response.encodeRedirectURL("/xxxx.do");

HttpSession interface: This interface has some really helpful methods for tracking a session.
1. getCreationTime()
2. getLastAccessedTime()
3. setMaxInactiveInterval()
4. getMaxInactiveInterval()
5. invalidate() this method will help you if you want to get rid of session, just call this method as session.invalidate(), it will destroy the session, other way to time out a session is to set in web.xml file.

15
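
The servlet below is an added example, not code from the original post. It puts getSession(true), getSession(false), setMaxInactiveInterval(), encodeRedirectURL() and invalidate() together for the two-caller ordering story above; the class name, the /menu.do and /login.do paths and the request parameter names are assumptions.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: class name, paths and parameter names are assumptions.
public class OrderServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String action = request.getParameter("action");
        String home = request.getContextPath();

        if ("login".equals(action)) {
            // Destroy any session the browser arrived with, then create a new
            // one, so the ID used after login was never in use before it.
            // (Credential checking is out of scope; the name only labels the caller.)
            HttpSession old = request.getSession(false);
            if (old != null) {
                old.invalidate();
            }
            HttpSession session = request.getSession(true);
            session.setMaxInactiveInterval(15 * 60); // idle limit in seconds
            session.setAttribute("customer", request.getParameter("name"));
            response.sendRedirect(response.encodeRedirectURL(home + "/menu.do"));
            return;
        }

        // Every other action needs an existing session: false = never create one.
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute("customer") == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        if ("logout".equals(action)) {
            session.invalidate(); // the server forgets this session ID at once
            response.sendRedirect(home + "/login.do");
            return;
        }

        // The order lives in the caller's own session, so two callers cannot mix.
        session.setAttribute("order", request.getParameter("item"));
        response.setContentType("text/plain");
        response.getWriter().println(session.getAttribute("customer")
                + " ordered " + session.getAttribute("order"));
    }
}
```

Note that setMaxInactiveInterval() takes seconds, while the session-timeout value in web.xml is in minutes.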


This is all I had to share on session, there is much more info to be shared… hope this helps.
