Home arrow Java & J2EE arrow Page 7 - The JSP Files (part 6): State Of Grace

Plan B - Java

Now that you've mastered the basics, it's time to bring out thebig iron. This week, The JSP Files explores the various techniquesavailable to "maintain state" on a JSP-based Web site. Learn about theCookie and Session objects, find out how to build a cookie-based hitcounter, and read about a simple yet effective way of protecting sensitiveWeb pages with the Session object.

  1. The JSP Files (part 6): State Of Grace
  2. Wasted, Dude!
  3. A Few Ground Rules
  4. Learning To Write...
  5. ...And Read
  6. What's In A Name?
  7. Plan B
  8. Session Dissection
  9. Access Denied
By: Vikram Vaswani and Harish Kamath, (c) Melonfire
Rating: starstarstarstarstar / 5
March 26, 2001

print this article


The cookie-based approach is quite common; many Web sites use it, becauseit is flexible, simple, and independent of the server-side language (oncethe cookie has been saved to the client's hard drive, you can read it usingJavaScript, or PHP, or JSP, or ...) The only problem: it is dependent onthe cookie being accepted by the client.

And so, another common approach is the use of a "session" to store specificbits of information when a client visits a Web site; this session data ispreserved for the duration of the visit, and is usually destroyed on itsconclusion. A session can thus be considered a basket of information whichcontains a host of variable-value pairs; these variable-value pairs existfor the duration of the visit, and can be accessed at any point during it.This approach provides an elegant solution to the "stateless" nature of theprotocol, and is used on many of today's largest sites to track andmaintain information for personal and commercial transactions.

Every session created is associated with a unique identification string, or"session ID"; this string is sent to the client, while a temporary entrywith the same unique identification number is created on the server, eitherin a flat file or in a database. It now becomes possible to register anynumber of "session variables" - these are ordinary variables, which can beused to store textual or numeric information, and can be read from, orwritten to, throughout the session.

The session ID is transmitted to the client either via a cookie, or via theURL GET method. The client, in turn, must reference each request with thissession ID, so that the server knows which session each client isassociated with and uses the appropriate session variables for each client.In case the client doesn't support cookies and the URL method is rejectedor not used, session management capabilities and session variables will notbe available to the client, and every request will be treated as though itwere coming for the first time.

Sessions are typically left active for as long as the user's browser isopen, or for a pre-defined period. Once the user's browser is closed, orthe specified time period is exceeded, the session and all variables withinit are automatically destroyed.

>>> More Java & J2EE Articles          >>> More By Vikram Vaswani and Harish Kamath, (c) Melonfire

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- More Java Bugs Lead to More Attacks
- Oracle's Java One Brings News, Surprises
- Oracle Patches Java Runtime Environment
- Apple Syncs Java Update with Oracle
- Spring 3.1 Java Development Framework Compat...
- Jelastic Java PaaS Availability and Pricing ...
- NetBeans 7.1 Released, Supports JavaFX 2
- SolarWinds Releases Newest Version of Java M...
- Free Monitoring Tool for Java Apps on Heroku
- Heroku Adds JCloud Platform Support, Java 7 ...
- Java SE 8 Speculation in Full Swing
- Java SE 7 Now Available
- New JVM Language and Java Reporting Tool
- Java 7 Release Update and New Eclipse Toolkit
- The Best Java Netbeans IDE Plugins

Developer Shed Affiliates


Dev Shed Tutorial Topics: