Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Confused by session management.

 
Zhixiong Pan
Ranch Hand
Posts: 239
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi ranchers,
Because of the lack experience, I am not able to understand session management well. Here is an coding example, and I was trapped in some steps. Please give me some advices.
1. Copy the web.xml deployment descriptor from Exercise 4-1. You'll recall that this
declared the SessionDisplayer servlet.
2. Change each occurrence of SessionDisplayer (name of servlet, name of class,
URL pattern for mapping) to SessionDisplayer2.
Update the SessionDisplayer2 Servlet
3. Copy the Java source file for SessionDisplayer.Java from ex0402/WEBINF/
classes (or its appropriate package directory) to ex0402/WEB-INF/classes (or
appropriate package directory), and rename it to SessionDisplayer2 (make sure
the class declaration reflects this as well).
4. In the code�if you haven't done so already�put an "href" link that recalls this
same SessionDisplayer2 servlet. Encode the URL using the appropriate
HttpServletResponse method.
5. In the web page, display some text that shows whether the session came from the
JSESSIONID cookie or from the URL.
6. Optionally, use the request's get Cookies method to get hold of the
JSESSIONID cookie, and display all the attributes of the cookie that you can on
the web page.
Run the Updated SessionDisplayer2 Servlet
7. Deploy and run the servlet, using a URL such as
8.
http://localhost:8080/ex0402/SessionDisplayer2?getSession=true
9. You're most likely to find that your browser uses cookies as the session
mechanism. To test out the URL redirection method, try turning off cookies
altogether in your browser�or target the domain where your web server (Tomcat)
is running, usually localhost / 127.0.0.1, and turn off cookies for that. Ensure that
you restart your browser before expecting URLs to be used instead of cookies.
10. The screen print below shows part of the output from the solution code, when the
session information is delivered through the JSESSIONID cookie.

I have prepared SessionDisplayer, and not clear about how to realize step 4 and 5 and its purpose. Thank you.
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
4. HttpServletResponse has methods called encodeURL and encodeRedirectURL, depending on what you want to do. Purpose : support for url rewriting (session tracking mechanism)
5. HttpServletRequest has a method called getKookies() where you can check if the JSESSIONID cookie is present. Purpose : determine which session tracking mechanism is being used.

You should read something about "Session Tracking Mechanisms" for servlets.

NOTE : I had to rename the getKookie method otherwise I could not post. It should be "C" instead of "K"
[ March 23, 2007: Message edited by: Satou kurinosuke ]
 
Zhixiong Pan
Ranch Hand
Posts: 239
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Satou,
Glad to hear your voice again
I programmed as following:

Can I summarize that encodeURL will always create a cookie?Thank you.
NOTE : I also renamed the getKookie method.
 
arun shanmugam kumar
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Acording to servlet specs and HFSJ:

The container prepares and send both cookie and url rewriting mechanisms to client side to track session.

From the second time onwards

If browser disables cookie then container uses url rewriting, only if encodeURL method is used to encode the url, to track the subsequent requests.

If browser accepts cookie then cookies are used instead of url rewriting.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic