Detailed analysis on how Session and Cookies work in Servlets - Java.
Size: 19.32 MB
Language: en
Added: Oct 05, 2021
Slides: 30 pages
Slide Content
Session And Cookies In Servlets
Table of Contents 1. Servlets 2. The Problem with HTTP 3. Session Tracking in Servlet 4. Cookies 5. Hidden Form Field 6. URL Rewriting 7. HttpSession 8. Session v/s Cookies
What are Servlets anyway? A Java program that runs inside a server (a servlet container such as Tomcat or Jetty). It receives HTTP requests and generates dynamic responses.
The PROBLEM with HTTP HTTP (Hypertext Transfer Protocol) is the protocol used to transfer data between client and server, and it is STATELESS. Client - Server Architecture : a client sends a request to the server, a servlet processes it, and the server responds with a dynamically generated page (HTML). The server treats every request as a new one because no state (data) about the user is saved between requests: it remembers nothing from the first request and performs the same work for the next one even when it comes from the same user.
Analogy : The University Admission (Stateless)
Without Session - Stateless Management
Live Demonstration
Session Tracking in Servlet Session Tracking is a way to maintain the state (data) of a user across several HTTP requests. It is also known as State Management. Techniques : Cookies, Hidden Form Field, URL Rewriting, HttpSession
Cookies
What are Cookies anyway? A small piece of text stored as a name-value pair (plus attributes such as expiry, path, domain, Secure and HttpOnly) in the client's browser. The browser keeps it in its cookie store (not in the page cache) and sends it back automatically with every later request to the matching domain and path.
How Does Cookie Work?
1. User signs up. The client posts an HTTP request to the server containing the username and password.
2. The server receives this request and hashes the password (salted, with a slow hash such as PBKDF2 or bcrypt) before storing it in the database; the raw password is never stored.
3. The client logs in. It provides the username and password, and again an HTTP request is posted to the server.
4. The server looks up the username in the database, hashes the supplied password with the stored salt, and compares the result to the stored hash (in constant time).
5. If the credentials are correct, the server creates an Access Token that uniquely identifies the user's session. The token must be long and drawn from a cryptographically secure random source, because anyone who can guess it becomes the user.
6. The server stores the access token in the database associated with that user, together with an expiry.
7. The server attaches the access token to a Cookie in the response. The cookie should carry the Secure, HttpOnly and SameSite attributes so that it is only sent over HTTPS, cannot be read by page scripts, and is not sent on cross-site requests. The client receives the cookie and stores it in the browser.
8. On the client side we are now logged in. Every time the client requests a page that requires authorization (i.e. the user must be logged in), the browser sends the cookie automatically; the server obtains the access token from the cookie and checks it against the one stored for that user. If it checks out, access is granted. The cookie carries only an opaque key; no user data needs to live in the cookie itself.
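The eight steps above, written out as one servlet. This is an added example, not code from the slides; it assumes the javax.servlet 4 API, uses two in-memory maps in place of the database, and the path names /auth/signup, /auth/login and /auth/me are chosen here for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: cookie-carried access token (steps 1-8). The two maps stand in for the database.
@WebServlet("/auth/*")
public class TokenLoginServlet extends HttpServlet {
    private static final Map<String, String> USERS  = new ConcurrentHashMap<>(); // username -> salt:hash
    private static final Map<String, String> TOKENS = new ConcurrentHashMap<>(); // token -> username
    private static final SecureRandom RNG = new SecureRandom();
    private static final String COOKIE = "access_token";

    // Steps 2 and 4: slow, salted password hash (PBKDF2-HMAC-SHA256); the raw password is never stored.
    private static String hash(String password, byte[] salt) throws ServletException {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 310_000, 256);
            byte[] out = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
            return Base64.getEncoder().encodeToString(out);
        } catch (GeneralSecurityException e) {
            throw new ServletException(e);
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String user = req.getParameter("username");
        String pass = req.getParameter("password");
        if (user == null || pass == null) { resp.sendError(HttpServletResponse.SC_BAD_REQUEST); return; }

        if ("/signup".equals(req.getPathInfo())) {                       // steps 1-2
            byte[] salt = new byte[16];
            RNG.nextBytes(salt);
            String record = Base64.getEncoder().encodeToString(salt) + ":" + hash(pass, salt);
            if (USERS.putIfAbsent(user, record) != null) {               // never overwrite an existing account
                resp.sendError(HttpServletResponse.SC_CONFLICT); return;
            }
            resp.setStatus(HttpServletResponse.SC_CREATED);
        } else if ("/login".equals(req.getPathInfo())) {                 // steps 3-7
            String record = USERS.get(user);
            boolean ok = false;
            if (record != null) {
                String[] parts = record.split(":", 2);                   // standard Base64 never contains ':'
                byte[] salt = Base64.getDecoder().decode(parts[0]);
                ok = MessageDigest.isEqual(parts[1].getBytes(StandardCharsets.US_ASCII),
                        hash(pass, salt).getBytes(StandardCharsets.US_ASCII)); // constant-time compare
            }
            if (!ok) { resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; }

            byte[] raw = new byte[32];                                   // step 5: 256-bit random token
            RNG.nextBytes(raw);
            String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            TOKENS.put(token, user);                                     // step 6

            Cookie c = new Cookie(COOKIE, token);                        // step 7
            c.setHttpOnly(true);   // not readable from page JavaScript
            c.setSecure(true);     // only sent over HTTPS
            c.setPath("/");
            c.setMaxAge(60 * 60);  // one hour; expire the server-side copy on the same schedule
            resp.addCookie(c);
            resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
        } else {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
        }
    }

    // Step 8: a protected page. The cookie value is only an opaque lookup key.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String user = currentUser(req);
        if (user == null) { resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; }
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("logged in as " + user);
    }

    static String currentUser(HttpServletRequest req) {
        Cookie[] cookies = req.getCookies();   // null when the request carries no cookies at all
        if (cookies == null) return null;
        for (Cookie c : cookies) {
            if (COOKIE.equals(c.getName())) return TOKENS.get(c.getValue());
        }
        return null;
    }
}
```

The javax.servlet Cookie class has no SameSite setter; on that API the attribute has to be added by writing the Set-Cookie header yourself or through the container's cookie-processor configuration. Note also that the login path answers 401 for an unknown user and for a wrong password alike, but the unknown-user branch skips the PBKDF2 work and so returns faster; if account enumeration matters, hash a dummy value on that branch too.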
Live Demonstration
Hidden Form Field
How does a Hidden Form Field work? An <input type="hidden"> field carries the user's state inside the form on every page; when the form is submitted, the value arrives at the next servlet as an ordinary request parameter (req.getParameter). Does not depend on browser support and works even when cookies are disabled. A form submission is required on every navigation to keep the state, so plain links cannot be used, and the value travels through the client, where the user can read and alter it: treat it as untrusted input (validate it or sign it) and never put secrets or authorization decisions in it. Not ideal.
Live Demonstration
URL Rewriting
How does URL Rewriting work? The server appends the state to the URL of the next servlet or page as a query string of name=value pairs; multiple pairs are separated by an ampersand (&), and the next servlet reads them with req.getParameter. For the session ID in particular, the servlet API does this through resp.encodeURL(url), which adds ;jsessionid=... to the link only when the client has not accepted the session cookie. Works even if cookies are disabled, needs no extra form submission, and works with links or hyperlinks. The cost: anything in the URL is visible in the address bar, browser history, server and proxy logs, and the Referer header sent to other sites, so a session ID or any other secret carried this way can leak; prefer cookies where possible and treat rewritten values as untrusted input.
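Both the hidden form field and the URL query string hand the state to the client and get it back on the next request, so on the server they are read the same way and carry the same tampering risk. The servlet below, an added example that is not part of the slides, serves one step of a two-step form with the state in a hidden field (POST) and in a rewritten link (GET), and protects it with an HMAC so that an edited value is rejected. It assumes the javax.servlet 4 API; the /wizard paths, the field name state and the constructed value user=alice&plan=basic are chosen here for illustration.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: state carried in a hidden form field (POST) and a rewritten URL (GET),
// sealed with HMAC-SHA256 so the server can detect client-side tampering.
@WebServlet("/wizard/*")
public class SignedStateServlet extends HttpServlet {
    // Assumption: a real deployment loads this key from configuration so it survives restarts and
    // is shared across instances; here it is generated once per JVM for the demo.
    private static final byte[] KEY = new byte[32];
    static { new SecureRandom().nextBytes(KEY); }
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    private static String mac(String value) throws ServletException {
        try {
            Mac m = Mac.getInstance("HmacSHA256");
            m.init(new SecretKeySpec(KEY, "HmacSHA256"));
            return B64.encodeToString(m.doFinal(value.getBytes(StandardCharsets.UTF_8)));
        } catch (GeneralSecurityException e) {
            throw new ServletException(e);
        }
    }

    // value -> base64url(value) "." base64url(HMAC(value))
    static String seal(String value) throws ServletException {
        return B64.encodeToString(value.getBytes(StandardCharsets.UTF_8)) + "." + mac(value);
    }

    // Returns the original value, or null when the token is malformed or the MAC does not match.
    static String open(String sealed) throws ServletException {
        int dot = sealed.lastIndexOf('.');
        if (dot < 0) return null;
        String value;
        try {
            value = new String(Base64.getUrlDecoder().decode(sealed.substring(0, dot)), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null;
        }
        byte[] expected = mac(value).getBytes(StandardCharsets.US_ASCII);
        byte[] given = sealed.substring(dot + 1).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, given) ? value : null;   // constant-time compare
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        if ("/step1".equals(req.getPathInfo())) {
            // Constructed state for the demo; a real application derives it from the authenticated user.
            String sealed = seal("user=alice&plan=basic");
            String next = req.getContextPath() + "/wizard/step2";
            // seal() emits only base64url characters and '.', so it is safe to embed in HTML and in a URL.
            resp.setContentType("text/html;charset=UTF-8");
            PrintWriter out = resp.getWriter();
            out.println("<form method='post' action='" + next + "'>");
            out.println("  <input type='hidden' name='state' value='" + sealed + "'>");      // hidden form field
            out.println("  <button>Continue</button></form>");
            out.println("<a href='" + next + "?state=" + URLEncoder.encode(sealed, "UTF-8")
                    + "'>Continue via link</a>");                                          // URL rewriting
        } else if ("/step2".equals(req.getPathInfo())) {
            showStep2(req, resp);
        } else {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        if ("/step2".equals(req.getPathInfo())) showStep2(req, resp);
        else resp.sendError(HttpServletResponse.SC_NOT_FOUND);
    }

    // One handler for both carriers: getParameter() reads a hidden field and a query-string pair alike.
    private void showStep2(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String sealed = req.getParameter("state");
        String state = (sealed == null) ? null : open(sealed);
        if (state == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "missing or tampered state");
            return;
        }
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("state accepted: " + state);
    }
}
```

The MAC stops the client from changing plan=basic to plan=premium, but it does not hide the value (it is only base64) and it does not stop replay of an old, validly signed value; the URL-carried copy is additionally exposed through history, logs and the Referer header. Keep secrets out of both carriers and, if replay matters, include an expiry or nonce in the sealed value.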
Live Demonstration
HttpSession
How does HttpSession work? An HttpSession is the server-side record of one client's interaction over a period of time; it is the servlet API's built-in state management. When a client requests the server for the first time, the container creates a session, gives it an unpredictable Session ID, sends that ID to the client (by default in the JSESSIONID cookie, or via URL rewriting when cookies are disabled), and the servlet stores key-value attributes against it (client's name, email, photo, etc.). On later requests the container reads the ID, finds the matching session if it has not expired or been destroyed, and the client continues its tasks without logging in again. A session ends in three cases: 1. Closing the browser, which discards the JSESSIONID session cookie on the client; the server-side session itself lingers until it times out or is invalidated, which is why the timeout should be short and the ID regenerated at login. 2. Time expired: the inactivity timeout (setMaxInactiveInterval or session-timeout in web.xml) elapses and the container destroys the session. 3. Invalidate: the application calls session.invalidate(), typically on logout.
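A login built on HttpSession, with the three ways a session ends visible in the code. This is an added example, not code from the slides; it assumes the javax.servlet 4 API and leaves the credential check to the container's realm through HttpServletRequest.login, so no password handling appears here. The /account paths, the attribute name user and the 15-minute timeout are chosen for illustration.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebListener;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

// Added example: HttpSession-based login. Credentials are verified by the container's configured
// realm via req.login() (Servlet 3.0); the session holds the state, the client holds only the ID.
@WebServlet("/account/*")
public class SessionLoginServlet extends HttpServlet {
    private static final int TIMEOUT_SECONDS = 15 * 60;

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String path = req.getPathInfo();
        if ("/login".equals(path)) {
            String user = req.getParameter("username");
            String pass = req.getParameter("password");
            if (user == null || pass == null) { resp.sendError(HttpServletResponse.SC_BAD_REQUEST); return; }
            try {
                req.login(user, pass);   // throws ServletException on bad credentials (or if already logged in)
            } catch (ServletException e) {
                resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
            HttpSession session = req.getSession(true);       // reuse the client's session or create one
            req.changeSessionId();                             // fresh ID after login: defeats session fixation (Servlet 3.1)
            session.setAttribute("user", user);                // server-side state, never sent to the client
            session.setMaxInactiveInterval(TIMEOUT_SECONDS);   // case 2: destroyed after this much inactivity
            resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
        } else if ("/logout".equals(path)) {
            HttpSession session = req.getSession(false);       // do not create a session just to destroy it
            if (session != null) session.invalidate();         // case 3: explicit invalidation
            req.logout();
            resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
        } else {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
        }
    }

    // A protected page: getSession(false) returns null when the client presents no valid session ID.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession session = req.getSession(false);
        Object user = (session == null) ? null : session.getAttribute("user");
        if (user == null) { resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; }
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("user=" + user + " idle-timeout=" + session.getMaxInactiveInterval() + "s");
    }
}

// Fires when the container really destroys a session: on invalidate() or on timeout (cases 2 and 3).
// Closing the browser (case 1) never triggers this; it only drops the client's JSESSIONID cookie.
// The session ID is deliberately not logged; it is a credential.
@WebListener
class SessionAuditListener implements HttpSessionListener {
    @Override public void sessionCreated(HttpSessionEvent e) {
        System.out.println("session created");
    }
    @Override public void sessionDestroyed(HttpSessionEvent e) {
        System.out.println("session destroyed for user=" + e.getSession().getAttribute("user"));
    }
}
```

The session cookie's own attributes are set per application rather than per cookie: in web.xml, session-config with cookie-config containing http-only and secure set to true, and session-timeout (in minutes) as the default that setMaxInactiveInterval overrides per session.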
Live Demonstration
Difference between Cookies and Session
Session
- Stores variables on the server; the client holds only the session ID (by default in the JSESSIONID cookie).
- Ends when the user logs out (invalidate) or when the inactivity timeout elapses. Closing the browser discards the client's session cookie but does not end the server-side session.
- Can hold as much data as the server's memory and the container allow; there is no fixed per-session size limit in the servlet API.
- "req.getSession(true)" returns the current session or creates a new one; "req.getSession(false)" returns the current session or null.
- "session.setAttribute(key, value)" stores a value; "session.getAttribute(key)" reads it back.
- "session.invalidate()" destroys the session immediately; "session.setMaxInactiveInterval(seconds)" sets the inactivity timeout after which the container destroys it.
- More secure because the data stays on the server, where the client cannot read or alter it. The data is not encrypted; the session ID is the secret, so it must be unpredictable, regenerated at login, and carried only over HTTPS in a Secure, HttpOnly cookie.
Cookies
- Stored in the client's browser and sent automatically with every matching request.
- Ends at the lifetime the server sets with Max-Age or Expires; without one, a session cookie lasts until the browser closes. The user can delete or edit a cookie at any time.
- Stores limited data: about 4 KB per cookie, and browsers cap the number of cookies per domain.
- "new Cookie(key, value)" creates a new cookie; "resp.addCookie(c)" adds it to the response; "c.setMaxAge(seconds)" sets the expiry (0 deletes the cookie, a negative value makes it a session cookie).
- Not secure as a data store: the value is plain text on the client's machine and can be read or modified by the user, so never put secrets or trust-affecting values in a cookie unsigned. Set the Secure, HttpOnly and SameSite attributes and keep the value to an opaque identifier that the server looks up.