Back to: Java Servlets Tutorials
Session Tracking in Java Servlet
In this article, I am going to discuss Session Tracking in Java Servlet. Please read our previous article where we discussed Servlet Scopes in Java Web Application. At the end of this article, you will understand the following pointers in detail.
- How protocols are classified?
- Understanding Stateless and Stateful protocols.
- Why HTTP is designed as a stateless protocol? What is the problem if HTTP comes as a stateful protocol?
- What is the purpose of session tracking/ session management?
- What is a Session?
- What is session tracking?
- How to implement session tracking in a java web application?
- What happens in the background when the getSession() method is called on the HttpServletRequest object?
- Examples of real-time implementation of session tracking.
- Why we need Session Tracking?
- What are the different session tracking techniques?
- Why Session Tracking?
How protocols are classified?
Protocols are classified into two types such as
- Stateless protocol
- Stateful protocol
The stateless behavior of web application is nothing but while processing current requests in any web resource program we cannot use previous request data that means while processing request2 we cannot use request1 data similarly while processing request3 we cannot use request1 and request2 data.
HTTP is a stateless protocol. Web applications are stateless because the protocol HTTP is given as a stateless protocol. According to this one new connection will be created between the browser window and web server for every request and this connection will be closed automatically once request related response goes to the browser window.
For example, if the browser window gives 10 requests to a web application then 10 connection will be created between the browser window and web server due to this, one connection related client’s data cannot be used in other connection-related clients processing that means we cannot use previous request data while processing current request.
If the web application is capable of remembering client data during a session across multiple requests then that web application is called a stateful web application.
FTP is a web application. In a stateful web application, the web resource programs can use the data of the previous requests while processing the current requests that means while processing request2 it can use request1 data and etc.
By placing <form> tag, <input> tag in out.println() statements of servlet program we can generate dynamic form page from that servlet program.
In the naukari.com registration process, multiple forms will be there. In that, the first form page is a static form page and other form pages are dynamic form page. In that, based on the data given on the form page1 the questions on the form page2 will be rendered. Similarly based on the data on the form page2 the questions on the form page3 will be rendered. Web applications are stateless because they are using a stateless protocol called HTTP.
Why HTTP is designed as a stateless protocol? What is the problem if HTTP comes as a stateful protocol?
If HTTP is a stateful protocol for multiple requests given by the client to a web application, a single connection is used between the browser window and web server across multiple requests. This may make the client engage in connection with the webserver for a long time even though the connections are idle. Due to this, the webserver may reach maximum connections even though most of its connections are idle.
To overcome that problem HTTP is given as stateless. So, no client can engage in connection with a web server for a long time more ever the connection will be closed automatically at the end of each request-related response generation. In the internet environment since there is a chance of having a huge number of clients for each website, it is given as stateless behavior.
Note: HTTP provides better performance but possess some challenges to the application developers as user interaction to the website should be stateful.
What is the purpose of session tracking/ session management?
To make the user interaction with the website stateful we go for session tracking. OR
Session tracking/ session management is all about making the web application a stateful web application by remembering client data across the multiple requests during a session
What is a Session?
In general, the time period between user login and logout is known as a session. In a java web application, a session is nothing but an instance of javax.servlet.http.HttpSession interface.
What is session tracking?
Keeping track of user interaction with the website in a series of client-server interactions is nothing but session tracking. Two things are involved in session tracking
- User/client identification
- State management (dealing with user data)
How to implement session tracking in a java web application?
Step1: Create (or get the reference of) HttpSession object
HttpSession session = request.getSession();
Step2: deals with clients/users state(data)
For state management, 4 attribute methods of HttpSession interface are used. setAttribute(), getAttribute(), removeAttribute(), getAttributeNames() are used to deal with user data during session tracking.
Step3: End the session
What happens in the background when the getSession() method is called on the HttpServletRequest object?
When the getSession() method is called on the request object, the following things happen in order.
The request object is evaluated for incoming session id from the client request. Two cases may arise
Case1: Session-Id not found
- The container creates a brand-new session object. It also generates a new session id for that object. Session id and session object (reference) are kept in the Hash map object as a key-value pair.
- The session id is written into the HttpServletResponse object.
- Session object reference is returned to the servlet (doGet()/ doPost() method of the servlet).
Case2: Session id is found in the requests.
- The session picks the session id from the request object. Searches for the session object in HashMap by using the session id as search criteria.
- The container does not create a new brand HttpSession object. It retrieves already existing session reference. The session id is written into a response object.
- A session object reference is returned to the servlet.
Give some examples of real-time implementation of session tracking.
- Remembering email id and password during gmail.com email operations.
- Remembering username and password during online shopping operations on the website.
- Remembering previous forms data until last form data arrives on online applications/registrations.
Why need Session Tracking?
As part of the web application development, it is essential to manage the client’s previous request data at the time of processing later request. To achieve the above requirement if we use a request object then the container will create the request object when it receives a request from the client and the container will destroy the request object when it dispatches a response to the client. Due to this reason request object is not sufficient to manage clients previous request data at the time of processing later request.
To achieve the above requirement, we able to use the ServletContext object, but the ServletContext object will share its data to all the components which are used in the present applications and to all the users of the present web application. Due to this reason, the ServletContext object is unable to provide a clear-cut separation between multiple users.
In web applications, to manage the client’s previous request data at the time of processing later request and to provide separation between multiple users we need to set of mechanisms explicitly at the server-side called Session Tracking Mechanisms.
The session is a time duration; it will start from the starting point of client conversation with the server and will terminate at the ending point of client conversation with the server. The data which we transferred from client to server through multiple requests during a particular session then that data is called State of the Session.
In general, in web applications, a container will prepare a request object similarly to represent a particular user we have to prepare a separate session. In this context, to keep track of all the session objects at the server machine we need to set of explicit mechanisms called Session Tracking Mechanisms.
What are the different session tracking techniques?
Even though HTTP is the stateless protocol we need to make our web application stateful web applications, for this we need to work with the session tracking techniques. In web applications, there are 4 types of Session Tracking Mechanisms:
- HttpSession Session Tracking Mechanism
- Cookies Session Tracking Mechanism
- URL-Rewriting Session Tracking Mechanism
- Hidden Form Fields Session Tracking Mechanism
From the above Session Tracking Mechanisms Servlet API has provided the first 3 Session Tracking Mechanisms as official mechanisms, Hidden Form Fields Session Tracking Mechanisms is purely developers’ creation.
Note: In our next four articles, we will discuss the above four-session tracking techniques in detail with examples.
Why Session Tracking?
Session Tracking is used to recognize a particular user. It is a way to maintain the state (data) of the user about a series of requests from the same user (that is, requests originating from the same browser) across the same period of time. Each time the user requests to the server, the server always treats the request as the new request.
In the next article, I am going to discuss Cookies in Servlet. Here, in this article, I try to explain Session Tracking in Java Servlet. I hope you enjoy this Session Tracking in Java Servlet article.