SERVLET SESSION TRACKING
Many web sites today provide custom web pages and / or functionality on a client-byclient
basis. For example, some Web sites allow you to customize their home page to
suit your needs. An excellent example of this the Yahoo! Web site. If you go to the
site http://my.yahoo.com/
You can customize how the Yahoo! Site appears to you in future when you revisit the
website. HTTP is a stateless protocol: it provides no way for a server to recognise that
a sequence of requests is all from the same client. Privacy advocates may consider this
a feature, but it causes problems because many web applications aren’t stateless. The
shopping cart application is another classic example—a client can put items in his Servlet Programming
virtual cart, accumulating them until he checks out several page requests later.
Obviously the server must distinguish between clients so the company can determine
the proper items and charge the proper amount for each client.
Another purpose of customizing on a client-by-client basis is marketing. Companies
often track the pages you visit throughout a site so they display advertisements that
are targeted to user’s browsing needs.
To help the server distinguish between clients, each client must identify itself to the
server. There are a number of popular techniques for distinguishing between clients.
In this unit, we introduce one of the techniques called as Session Tracking.
Session tracking is wonderfully elegant. Every user of a site is associated with a
javax.servlet.http.HttpSession object that servlets can use to store or retrieve
information about that user. You can save any set of arbitrary Java objects in a session
object. For example, a user’s session object provides a convenient location for a
servlet to store the user’s shopping cart contents.
A servlet uses its request object’s getSession() method to retrieve the current
HttpSession object:
public HttpSession HttpServletRequest.getSession(boolean create)
This method returns the current session associated with the user making the request. If
the user has no current valid session, this method creates one if create is true or returns
null if create is false. To ensure the session is properly maintained, this method must
be called at least once before any output is written to the response.
You can add data to an HttpSession object with the putValue() method:
public void HttpSession.putValue(String name, Object value)
This method binds the specified object value under the specified name. Any existing
binding with the same name is replaced. To retrieve an object from a session, use
getValue():
public Object HttpSession.getValue(String name)
This methods returns the object bound under the specified name or null if there is no
binding. You can also get the names of all of the objects bound to a session with
getValueNames():
public String[] HttpSession.getValueNames()
This method returns an array that contains the names of all objects bound to this
session or an empty (zero length) array if there are no bindings. Finally, you can
remove an object from a session with removeValue():
public void HttpSession.removeValue(String name)
This method removes the object bound to the specified name or does nothing if there
is no binding. Each of these methods can throw a java.lang.IllegalStateException if
the session being accessed is invalid
ab