Ad
More Related Content
What's hot (20)
Similar to Session And Cookies In Servlets - Java (20)
Ad
Recently uploaded (20)
![Download Wondershare Filmora Crack [2025] With Latest](https://cdn.slidesharecdn.com/ss_thumbnails/neo4j-howkgsareshapingthefutureofgenerativeaiatawssummitlondonapril2024-240426125209-2d9db05d-250419-250428115407-a04afffa-thumbnail.jpg?width=560&fit=bounds)
Ad
Session And Cookies In Servlets - Java
- 1. Session And Cookies In Servlets
- 2. Table of Contents 1. Servlets 2. The Problem with HTTP 3. Session Tracking in Servlet 4. Cookies 5. Hidden Form Field 6. URL Rewriting 7. HttpSession 8. Session v/s Cookies
- 3. What are Servlets anyway? � Java program that runs on servers. � Capable of Handling Requests and generating Dynamic Response.
- 4. The PROBLEM with HTTP � HTTP is used as Protocol to transfer data and information between Client and Server. � HTTP (Hypertext Transfer Protocol) is STATELESS. � Client - Server Architecture : A Client requests a Server and the Server responses a dynamic page (HTML) when a Servlet processes the requests. � Server treats every request as a new request as the state (data) of the user is not saved / maintained. � Server won’t remember anything from the first request and does the same task for the new request even if the user is same as the previous one.
- 5. Analogy : The University Admission (Stateless)
- 6. Without Session - Stateless Management
- 8. Session Tracking in Servlet ● Session Tracking is a way to maintain state (data) of an user. ● It is also known as State Management. Techniques : 1. Cookies 2. Hidden Form Field 3. URL Rewriting 4. HttpSession
- 9. Cookies
- 10. What are Cookies anyway? � Small piece of textual information stored in Key-Value pair in Client’s Browser. � Cookie is stored in browser’s cache.
- 11. How Does Cookie Work?
- 12. 1. User Signs Up. Client posts a HTTP request to the server containing username and password. 2. Server receives this request and hashes the password before storing into database.
- 13. 3. Client logs in. Provides username and password and again a HTTP request is posted to server. 4. Server looks up the username in the database, hashes the supplied login password, and compares it to the previously hashed password in the database.
- 14. 5. If the credentials are correct, server creates an Access Token, which uniquely identifies the user’s session. 6. We then store the access token in the database associated with that user.
- 15. 7. Attach the access token with a Cookie returned to client. Now the Cookie has been returned to client and client stores the cookie in browser.
- 16. 8. On client side now, we are logged in. Every time now a client makes a request for a page that requires authorization (i.e. they need to be logged in), the server obtains the access token from the cookie and checks it against the one in the database associated with that user. If it checks out, access is granted.
- 19. How does Hidden Form Field Works? � A hidden text field is used for maintaining state of an user. � We have form in all pages that can be submitted and we can pass user’s data in an hidden field. � Does not have to be dependent on browser. � Works, even if the cookies are disabled. � Extra Form Submission is required to maintain state. � Not Ideal.
- 21. URL Rewriting
- 22. How does URL Rewriting Works? � We append a query string or token to the URL of the next servlet or the next page. � It will be a name - value pair. � If multiple data has to be sent then it will be separated by ampersand(&). � Works even if the cookies are disabled. � No extra form submission. � Works with links or hyperlinks.
- 24. HttpSession
- 25. How does HttpSession Works? � Session simply means small interval of time. � Used for state management. � When a client requests a server for the first time, the server creates a Session ID, and stores it with some key value pair like client’s name, email, photo, etc. � When the client again requests to the server, the server checks the session, if not expired or destroyed, and allows the client to do tasks, without getting to logged in again. � Session expires in three cases: 1. Closing the Browser 2. Time expired 3. Invalidate
- 29. Session � Stores variables in temporary directory in server. � Ends when user logout’s or browser closes. � Stores unlimited amount of data. � A script can use maximum 128 MB. � “req.getSession(true)” to create a new session. “req.getSession(false)” to get the already set session. � “session.setAttribute(key, value)” to set session values. � “session.invalidate()” or “session.setMaxInactiveInterval(seconds) ” to destroy session. � Sessions are more secured as they are stored in server and encrypted form. Cookies � Stores in Client’s (browser). � Ends on the lifetime set by user. � Stores limited data. � Maximum size of Browser’s cookies is 4 KB. � “new Cookie(key, value)” to create a new cookie. � “resp.addCookie(c)” to add the cookie in the response. � “c.setMaxAge(seconds)” to set the expiry time of cookie. � Cookies are not secured as data is in textual format and it gets stored in client machine.