Hidden Form Fields Session Tracking Mechanism

Back to: Java Servlets Tutorials

Hidden Form Fields Session Tracking Mechanism in Java Servlet

In this article, I am going to discuss the Hidden Form Fields Session Tracking Mechanism in Java Servlet Application. Please read our previous article where we discussed Cookies in Java Servlet Web Application. Invisible HTML form fields are nothing but hidden form fields. At the end of this article, you will understand the following pointers in detail.

1. What is Hidden Form Fields Session Tracking Mechanism?
2. Hidden Form Fields Real-world application examples
3. What is the difference between session management/session tracking and state management?
4. How hidden form fields are used in a java web application?
5. Hidden Form Filed Example in Java Servlet Application.
6. Advantages of Hidden Form Fields based session tracking technique
7. Disadvantages of Hidden Form Fields based session tracking technique

Hidden Form Fields in Servlet:

Hidden Form Field Session Tracking Mechanism is not an official Session Tracking Mechanism from Servlet API, it was purely the developer’s creation. In Hidden Form Field Session Tracking Mechanism, at each and every request we will pick up all the request parameters, generate a dynamic form, in dynamic form generation we have to maintain the present request parameters data in the form of hidden fields.

In the above context, if we dispatch the response to the client then we are able to get a dynamic form with visible fields and with invisible fields. If we send a request from the dynamic form then automatically all the visible fields data and invisible fields data will be sent to the server as request parameters.

By repeating the above process at each and every request we are able to manage the client’s previous request data at the time of processing the later request. Hidden Box is an invisible text box of the form page, hidden box values go to the server as a request parameter when the form is submitted.

Hidden Form Fields Real-world application examples:

1. To remember user identity during sessions of email-operations.
2. While developing shopping cart applications in online shopping websites where items selected by end-user generating multiple requests will be remembered.
3. To remember user identity during an e-commerce session.
4. To remember credit card/debit card details during a session while performing the web-based online transactions.
5. To remember player identity while playing online games.
6. To remember customer identity while performing online stock brokerage.
7. To remember end-user choices and interests towards the look and appearance of web pages if the website allows customizing the look and appearance.
8. To render direct advertisements on websites.

Note: The advertisement that comes based on the operations performed by the end-user is called “direct advertisement”.

Example: If the end-user is searching for new 7 wonders in the google search engine the google website displays direct advertisements talking about tours and travels.

In session tracking, web application stores and remembers data across the multiple requests only during a session. Once the session between client and web application is completed the web application forgets client data. Storing client data in a database table or in servletContext attributes across the multiple requests does not come under session tracking or session management. Because they remember client data even after session completion and they do not store data and specific to one client.

What is the difference between session management/session tracking and state management?

In the state management technique, the web application remembers the client’s data irrespective of the session that is started and completed using database table and ServletContext attributes support. In session management/tracking, the web application remembers the client’s data only during the session. Once the session is completed this data will go off. For this hidden form fields, cookies, Http session, URL rewriting kind of techniques will be utilized.

The session started between the browser window and web application is specific to each browser window (client). Multiple clients start multiple sessions with a single web application on one per client basis. Session and session-related data always specific to one client so only that client can use session data across the multiple requests during that session.

How hidden form fields are used in a java web application?

Hidden form fields are used to invisibly send user input back to the client which is required in subsequent cycles. There is no servlet API support for hidden form fields. Visible data encapsulated into a request object as name-value pairs. Similarly, hidden form field data also encapsulated into request objects as name-value pairs. By calling the getParameter() method on request object, hidden form fields value is retrieved in a servlet. A hidden form field is created as follows

In Form Page:
<input type=”hidden” name=”h1″ value=”hello”>
where, h1: Hidden box name / Request parameter name
           hello: Hidden box value / Request parameter value

In Servlet Program:
String val1=req.getParameter(“h1”); //gives hello

Hidden Form Filed Example in Java Servlet:

Resources required:

1. register.html
2. web.xml
3. RegistrationServletOne.java
4. RegistrationServletTwo.java

URL: http://localhost:8085/hiddenformfieldsapplication

register.html:

<html>
 <body bgcolor = "cyan">
 <center>
  <h1>WELCOME TO REGISTRATION PAGE</h1>
  <form action="./registerone" METHOD="post">
   Name: <input type="text" name = "name"><br><br>
   Password: <input type="password" name="password"><br><br>
   PROFESSION:
   <select name="profession">
    <option value="engineer">ENGINEER</option>
    <option value="teacher">TEACHER</option>
    <option value="businessman">BUSINESSMAN</option>
   </select><br><br>
   <input type="submit" value="REGISTER">
  </form>
 </center>	
 </body>
</html>

web.xml

<web-app>
  <welcome-file-list>
    <welcome-file>register.html</welcome-file>
  </welcome-file-list>
  <servlet>
    <servlet-name>RegistrationServletOne</servlet-name>
    <servlet-class>RegistrationServletOne</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>RegistrationServletOne</servlet-name>
    <url-pattern>/registerone</url-pattern>
  </servlet-mapping>
  <servlet>
    <servlet-name>RegistrationServletTwo</servlet-name>
    <servlet-class>RegistrationServletTwo</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>RegistrationServletTwo</servlet-name>
    <url-pattern>/registertwo</url-pattern>
  </servlet-mapping>
</web-app>

RegistrationServletOne.java:

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class RegistrationServletOne extends HttpServlet 
{
 public void doPost(HttpServletRequest request, HttpServletResponse response) 
   throws ServletException, IOException 
 {
  String name = request.getParameter("name");
  String password = request.getParameter("password");
  String profession = request.getParameter("profession");
  response.setContentType("text/html");
  PrintWriter out = response.getWriter();
  out.println("<html><body bgcolor = wheat>");
  out.println("<center>");
  out.println("<h1>COMPLETE THE REGISTRATION</h1>");
  out.println("<form action = ./registertwo method = post");
  out.println("<input type = hidden name = name value =" + name + ">");
  out.println("<input type = hidden name = password value =" + password + ">");
  out.println("<input type = hidden name = profession value =" + profession + ">");
  out.println("EMAIL ID:<input type =text  name = email><br><br>");
  out.println("PHONE NO:<input type =text  name = cell><br><br>");
  out.println("<input type =submit  value=registernow>");
  out.println("</center>");
  out.println("</body></html>");
  out.close();
 }
}

RegistrationServletTwo.java

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class RegistrationServletTwo extends HttpServlet
{
public void doPost(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException 
 {
  String name = request.getParameter("name");
  String password = request.getParameter("password");
  String profession = request.getParameter("profession");
  String email = request.getParameter("email");
  String cell = request.getParameter("cell");
  response.setContentType("text/html");
  PrintWriter out = response.getWriter();
  out.println("<html><body bgcolor = wheat>");
  out.println("<center>");
  out.println("<h1>REGISTRATION SUCCESSFUL..........</h1>");
  out.println("</center>");
  out.println("</body></html>");
  out.close();
 }
}

Advantages of Hidden Form Fields based session tracking technique in Java Servlet:

1. Basic knowledge of HTML is enough to work with this technique
2. Hidden boxes reside in web pages of the browser windows so they do not provide a burden to the server.
3. This technique can be used along with all kinds of server-side technologies and all kinds of web-servers and application servers.
4. This technique works with both java and non-java servers.

Disadvantages of Hidden Form Fields based session tracking technique in Java Servlet:

1. The hidden box values of the form page can be viewed using the source code of the web page. That means there is no security (data secrecy is not there).
2. Hidden boxes travel over the network along with the request and response. This indicates more network traffic.
3. We cannot store all kinds of java objects in hidden boxes except text/string values.
4. If more hidden boxes should be added to each dynamic form page to preserve client data across the multiple requests.

In the next article, I am going to discuss URL Rewriting Session Tracking Mechanism in Servlet. Here, in this article, I try to explain the Hidden Form Fields Session Tracking Mechanism in Servlet. I hope you enjoy these Hidden Form Fields Session Tracking Mechanism in Java Servlet article.