Now that you've mastered the basics, it's time to bring out thebig iron. This week, The JSP Files explores the various techniquesavailable to "maintain state" on a JSP-based Web site. Learn about theCookie and Session objects, find out how to build a cookie-based hitcounter, and read about a simple yet effective way of protecting sensitiveWeb pages with the Session object.
It's one of the things geeks say to each other when they want to impressthe young women in earshot: "HTTP is a stateless protocol, and the Internetis a stateless development environment". In simple language, all this meansis that the HyperText Transfer Protocol, which is the backbone of the Web,is unable to retain a memory of the identity of each client that connectsto a Web site, and therefore treats each request for a Web page as a uniqueand independent connection, with no relationship whatsoever to theconnections that preceded it - very similar to the behaviour of some oftoday's more adventurous teenagers, who get drunk every night, wake up thenext morning with no memory at all of what happened, and go out again inthe evening to do the same thing all over again...
Now, so long as you're aimlessly surfing from one site to another, thisworks without a problem. But what if you've decided to buy a few discs fromCDNow.com? In a "stateless environment", it would be very difficult to keeptrack of all the items you've shortlisted for purchase, as the statelessnature of the HTTP protocol would make it impossible to keep track of theitems selected.
Consequently, what is required is a method that makes it possible to"maintain state", something that allows client connections to be trackedand connection-specific data to be maintained. And thus came about"cookies", which allowed Web sites to store client-specific information ina file on the client system, and access the information in the filewhenever required. So, in the shopping cart example above, the itemsselected would be added to the cookie, and would be retrieved and presentedto the customer in a consolidated list during the billing process.
Why are they called "cookies"? The PR agency handling the account wasobviously asleep at the wheel.