SESSION TRACKING IN SERVLETS

Session simply means a particular interval of time.

Session Tracking is a way to maintain state (data) of an user. It is also known as session management in servlet.

Http protocol is a stateless so we need to maintain state using session tracking techniques. Each time user requests to the server, server treats the request as the new request. So we need to maintain the state of an user to recognize to particular user.

HTTP is stateless that means each request is considered as the new request. It is shown in the figure given below:

Why use Session Tracking?

To recognize the user It is used to recognize the particular user.

---

Session Tracking Techniques

There are four techniques used in Session tracking:

1. Cookies
2. Hidden Form Field
3. URL Rewriting
4. HttpSession

Servlet Login and Logout Example using Cookies

A cookie is a kind of information that is stored at client side.

In the previous page, we learned a lot about cookie e.g. how to create cookie, how to delete cookie, how to get cookie etc.

Here, we are going to create a login and logout example using servlet cookies.

In this example, we are creating 3 links: login, logout and profile. User can't go to profile page until he/she is logged in. If user is logged out, he need to login again to visit profile.

In this application, we have created following files.

1. index.html
2. link.html
3. login.html
4. LoginServlet.java
5. LogoutServlet.java
6. ProfileServlet.java
7. web.xml

File: index.html

1. <!DOCTYPE html>  
2. <html>  
3. <head>  
4. <meta charset="ISO-8859-1">  
5. <title>Servlet Login Example</title>  
6. </head>  
7. <body>  
8.   
9. <h1>Welcome to Login App by Cookie</h1>  
10. <a href="login.html">Login</a>|  
11. <a href="LogoutServlet">Logout</a>|  
12. <a href="ProfileServlet">Profile</a>  
13.   
14. </body>  
15. </html>  

---

File: link.html

1. <a href="login.html">Login</a> |  
2. <a href="LogoutServlet">Logout</a> |  
3. <a href="ProfileServlet">Profile</a>  
4. <hr>  

---

File: login.html

1. <form action="LoginServlet" method="post">  
2. Name:<input type="text" name="name"><br>  
3. Password:<input type="password" name="password"><br>  
4. <input type="submit" value="login">  
5. </form>  

---

File: LoginServlet.java

1. package com.javatpoint;  
2.   
3. import java.io.IOException;  
4. import java.io.PrintWriter;  
5. import javax.servlet.ServletException;  
6. import javax.servlet.http.Cookie;  
7. import javax.servlet.http.HttpServlet;  
8. import javax.servlet.http.HttpServletRequest;  
9. import javax.servlet.http.HttpServletResponse;  
10. public class LoginServlet extends HttpServlet {  
11.     protected void doPost(HttpServletRequest request, HttpServletResponse response)  
12.                            throws ServletException, IOException {  
13.         response.setContentType("text/html");  
14.         PrintWriter out=response.getWriter();  
15.           
16.         request.getRequestDispatcher("link.html").include(request, response);  
17.           
18.         String name=request.getParameter("name");  
19.         String password=request.getParameter("password");  
20.           
21.         if(password.equals("admin123")){  
22.             out.print("You are successfully logged in!");  
23.             out.print("<br>Welcome, "+name);  
24.               
25.             Cookie ck=new Cookie("name",name);  
26.             response.addCookie(ck);  
27.         }else{  
28.             out.print("sorry, username or password error!");  
29.             request.getRequestDispatcher("login.html").include(request, response);  
30.         }  
31.           
32.         out.close();  
33.     }  
34.   
35. }  

---

File: LogoutServlet.java

1. package com.javatpoint;  
2.   
3. import java.io.IOException;  
4. import java.io.PrintWriter;  
5. import javax.servlet.ServletException;  
6. import javax.servlet.http.Cookie;  
7. import javax.servlet.http.HttpServlet;  
8. import javax.servlet.http.HttpServletRequest;  
9. import javax.servlet.http.HttpServletResponse;  
10. public class LogoutServlet extends HttpServlet {  
11.     protected void doGet(HttpServletRequest request, HttpServletResponse response)  
12.                         throws ServletException, IOException {  
13.         response.setContentType("text/html");  
14.         PrintWriter out=response.getWriter();  
15.           
16.           
17.         request.getRequestDispatcher("link.html").include(request, response);  
18.           
19.         Cookie ck=new Cookie("name","");  
20.         ck.setMaxAge(0);  
21.         response.addCookie(ck);  
22.           
23.         out.print("you are successfully logged out!");  
24.     }  
25. }  

---

File: ProfileServlet.java

1. package com.javatpoint;  
2.   
3. import java.io.IOException;  
4. import java.io.PrintWriter;  
5. import javax.servlet.ServletException;  
6. import javax.servlet.http.Cookie;  
7. import javax.servlet.http.HttpServlet;  
8. import javax.servlet.http.HttpServletRequest;  
9. import javax.servlet.http.HttpServletResponse;  
10. public class ProfileServlet extends HttpServlet {  
11.     protected void doGet(HttpServletRequest request, HttpServletResponse response)  
12.                           throws ServletException, IOException {  
13.         response.setContentType("text/html");  
14.         PrintWriter out=response.getWriter();  
15.           
16.         request.getRequestDispatcher("link.html").include(request, response);  
17.           
18.         Cookie ck[]=request.getCookies();  
19.         if(ck!=null){  
20.          String name=ck[0].getValue();  
21.         if(!name.equals("")||name!=null){  
22.             out.print("<b>Welcome to Profile</b>");  
23.             out.print("<br>Welcome, "+name);  
24.         }  
25.         }else{  
26.             out.print("Please login first");  
27.             request.getRequestDispatcher("login.html").include(request, response);  
28.         }  
29.         out.close();  
30.     }  
31. }  

---

File: web.xml

1. <?xml version="1.0" encoding="UTF-8"?>  
2. <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"   
3. xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee   
4. http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">  
5.     
6.   <servlet>  
7.     <description></description>  
8.     <display-name>LoginServlet</display-name>  
9.     <servlet-name>LoginServlet</servlet-name>  
10.     <servlet-class>com.javatpoint.LoginServlet</servlet-class>  
11.   </servlet>  
12.   <servlet-mapping>  
13.     <servlet-name>LoginServlet</servlet-name>  
14.     <url-pattern>/LoginServlet</url-pattern>  
15.   </servlet-mapping>  
16.   <servlet>  
17.     <description></description>  
18.     <display-name>ProfileServlet</display-name>  
19.     <servlet-name>ProfileServlet</servlet-name>  
20.     <servlet-class>com.javatpoint.ProfileServlet</servlet-class>  
21.   </servlet>  
22.   <servlet-mapping>  
23.     <servlet-name>ProfileServlet</servlet-name>  
24.     <url-pattern>/ProfileServlet</url-pattern>  
25.   </servlet-mapping>  
26.   <servlet>  
27.     <description></description>  
28.     <display-name>LogoutServlet</display-name>  
29.     <servlet-name>LogoutServlet</servlet-name>  
30.     <servlet-class>com.javatpoint.LogoutServlet</servlet-class>  
31.   </servlet>  
32.   <servlet-mapping>  
33.     <servlet-name>LogoutServlet</servlet-name>  
34.     <url-pattern>/LogoutServlet</url-pattern>  
35.   </servlet-mapping>  
36. </web-app>  

2) Hidden Form Field

In case of Hidden Form Field a hidden (invisible) textfield is used for maintaining the state of an user.

In such case, we store the information in the hidden field and get it from another servlet. This approach is better if we have to submit form in all the pages and we don't want to depend on the browser.

Let's see the code to store value in hidden field.

1. <input type="hidden" name="uname" value="Vimal Jaiswal">  

Here, uname is the hidden field name and Vimal Jaiswal is the hidden field value.

---

Real application of hidden form field

It is widely used in comment form of a website. In such case, we store page id or page name in the hidden field so that each page can be uniquely identified.

---

Advantage of Hidden Form Field

1. It will always work whether cookie is disabled or not.

Disadvantage of Hidden Form Field:

1. It is maintained at server side.
2. Extra form submission is required on each pages.
3. Only textual information can be used.

---

Example of using Hidden Form Field

In this example, we are storing the name of the user in a hidden textfield and getting that value from another servlet.

index.html

1. <form action="servlet1">  
2. Name:<input type="text" name="userName"/><br/>  
3. <input type="submit" value="go"/>  
4. </form>  

FirstServlet.java

1. import java.io.*;  
2. import javax.servlet.*;  
3. import javax.servlet.http.*;  
4.   
5. public class FirstServlet extends HttpServlet {  
6. public void doGet(HttpServletRequest request, HttpServletResponse response){  
7.         try{  
8.   
9.         response.setContentType("text/html");  
10.         PrintWriter out = response.getWriter();  
11.           
12.         String n=request.getParameter("userName");  
13.         out.print("Welcome "+n);  
14.           
15.         //creating form that have invisible textfield  
16.         out.print("<form action='servlet2'>");  
17.         out.print("<input type='hidden' name='uname' value='"+n+"'>");  
18.         out.print("<input type='submit' value='go'>");  
19.         out.print("</form>");  
20.         out.close();  
21.   
22.                 }catch(Exception e){System.out.println(e);}  
23.     }  
24.   
25. }  

SecondServlet.java

1. import java.io.*;  
2. import javax.servlet.*;  
3. import javax.servlet.http.*;  
4. public class SecondServlet extends HttpServlet {  
5. public void doGet(HttpServletRequest request, HttpServletResponse response)  
6.         try{  
7.         response.setContentType("text/html");  
8.         PrintWriter out = response.getWriter();  
9.           
10.         //Getting the value from the hidden field  
11.         String n=request.getParameter("uname");  
12.         out.print("Hello "+n);  
13.   
14.         out.close();  
15.                 }catch(Exception e){System.out.println(e);}  
16.     }  
17. }  

web.xml

1. <web-app>  
2.   
3. <servlet>  
4. <servlet-name>s1</servlet-name>  
5. <servlet-class>FirstServlet</servlet-class>  
6. </servlet>  
7.   
8. <servlet-mapping>  
9. <servlet-name>s1</servlet-name>  
10. <url-pattern>/servlet1</url-pattern>  
11. </servlet-mapping>  
12.   
13. <servlet>  
14. <servlet-name>s2</servlet-name>  
15. <servlet-class>SecondServlet</servlet-class>  
16. </servlet>  
17.   
18. <servlet-mapping>  
19. <servlet-name>s2</servlet-name>  
20. <url-pattern>/servlet2</url-pattern>  
21. </servlet-mapping>  
22.   
23. </web-app>