
Cookies

What is a Cookie?
- Small text files sent by the browser
- Used to solve the Request/Response paradigm.
- A cookie contains:
  - Cookie name
  - IP of the web server where the cookie originated
  - Unique ID number
  - A date and timestamp
  - Any other pertinent text-based information

Types of Cookies
- Permanent / Persistent cookies
  - Stored on the user's computer
  - Not deleted when the browser is closed.
  - Retain user preferences for a particular website.
- Session / Transient cookies
  - Stored in computer memory.
  - Automatically deleted when the browser is closed.
  - Store a session ID that is not permanently bound to the user.

Where are Cookies used?
- Shopping cart applications
- Online banking
- Website tracking

Sending Cookies to the Client
- Create a Cookie object.
    Cookie c = new Cookie("userID", "a1234");
- Set the maximum age.
    c.setMaxAge(60*60*24*7); // One week
- Place the Cookie into the HTTP response.
  - Use response.addCookie(c)

Reading Cookies from the Client
- Call request.getCookies
  - This yields an array of Cookie objects.
- Loop down the array, calling getName on each entry until you find the cookie of interest.
- Use the value (getValue) in an application-specific way.
    String cookieName = "userID";
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            if (cookieName.equals(cookie.getName())) {
                doSomethingWith(cookie.getValue());
            }
        }
    }

Deleting a Cookie
- Set the cookie's value to null
- Set the maximum age of the cookie to zero
    Cookie c = new Cookie("myCookie", "");
    c.setMaxAge(0);
    response.addCookie(c);
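
The send, read and delete steps above, gathered into one helper with the attributes a defender would set on the cookie. This is an added example, not code from the original slides; it assumes Servlet 3.0 or later (javax.servlet, or jakarta.servlet on newer containers), and the class name UserIdCookie and the ID format it accepts are assumptions.

```java
import java.util.regex.Pattern;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public final class UserIdCookie {
    private static final String NAME = "userID";
    private static final int ONE_WEEK = 60 * 60 * 24 * 7;
    // Assumed ID format (matches "a1234"): one lowercase letter, then 4 to 12 digits.
    private static final Pattern VALID = Pattern.compile("[a-z][0-9]{4,12}");

    private UserIdCookie() { }

    private static Cookie build(String value, int maxAge) {
        Cookie c = new Cookie(NAME, value);
        c.setMaxAge(maxAge);
        c.setPath("/");        // same path on set and delete, or the delete misses
        c.setHttpOnly(true);   // not readable from page scripts
        c.setSecure(true);     // only sent over HTTPS
        return c;
    }

    public static void send(HttpServletResponse response, String userId) {
        if (userId == null || !VALID.matcher(userId).matches()) {
            throw new IllegalArgumentException("unexpected userID format");
        }
        response.addCookie(build(userId, ONE_WEEK));
    }

    /** Returns the userID cookie value, or null if it is absent or malformed. */
    public static String read(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            String value = cookie.getValue();
            // The value comes from the client: check its shape before using it.
            if (NAME.equals(cookie.getName()) && value != null && VALID.matcher(value).matches()) {
                return value;
            }
        }
        return null;
    }

    public static void delete(HttpServletResponse response) {
        response.addCookie(build("", 0)); // empty value, maximum age zero
    }
}
```

A well-formed value is still supplied by the client, so it suits remembering a preference, not proving who the user is.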

Using Cookie Attributes
- public void setComment(String comment)
- public String getComment()
- public void setMaxAge(int lifetime)
- public int getMaxAge()
- public String getName()
- public void setPath(String path)
- public String getPath()
- public void setValue(String cookieValue)
- public String getValue()

Using Cookies to Remember User Preferences
- Retrieve the cookies which are stored on your machine using the request object.
- Check whether the input field cookie is there or not.
- If it is there, display it in your textbox; otherwise keep it null.

Session Tracking

What are Sessions?
- A session is the amount of time a client takes while navigating through a web site.
- Sessions are used to maintain state and a visitor's identity across multiple requests.
- A session occurs between the time that a client logs into the desktop environment and the time that the client logs out.

Why Session Tracking?
- HTTP is a stateless protocol.
- Using HTTP, the client:
  - Establishes a connection with the web server
  - Issues a request
  - Receives a response
  - Closes the connection

Session Management Rules
- Information or state must be stored.
- Each HTTP request must carry an identifier that allows the web server to process the request in the context of the stored state.
- Sessions need to have a timeout.

Methods of Session Tracking
- Cookies
- URL Rewriting
- Hidden Variables
- Session

Cookies
- Three steps to creating a new cookie (simple):
  1) Create a new Cookie object:
       Cookie cookie = new Cookie(name, value);
  2) Set any cookie attributes:
       cookie.setMaxAge(60);
  3) Add your cookie to the response object:
       response.addCookie(cookie);
- Disadvantages
  - Cookies can be deleted / disabled by the client

URL Rewriting
- Client appends some extra data on the end of each URL that identifies the session
- Server associates that identifier with data it has stored about that session
- Advantage
  - Works even if cookies are disabled or unsupported
- Disadvantages
  - Requires a lot of tedious processing
  - Must encode all URLs that refer to your own site
  - All pages must be dynamically generated (no static HTML pages) because you need to add user data to the URL
- For example: response.sendRedirect("Welcome?name=Neelam");

Hidden Fields
- It is a textbox whose visible attribute is set to hidden and whose enterable attribute is set to off.
- Works only when an HTML form is submitted to the web server for further processing.
    <INPUT TYPE="HIDDEN" NAME="session" VALUE="...">
- Advantage
  - Works even if cookies are disabled or unsupported
- Disadvantages
  - Lots of tedious processing
  - All pages must be the result of form submissions

Session
- Servlets include a built-in Session API:
  - Enables you to very easily create applications that depend on individual user data
- For example:
  - Personalization services
  - Maintaining state about the user's preferences.

Servlet API Basics
- Access the session object.
  - Call request.getSession to get the HttpSession object.
  - This is a hashtable associated with the user.
      HttpSession session = request.getSession();
- Look up information (user data) associated with a session.
  - Call getAttribute on the HttpSession object,
  - cast the return value to the appropriate type,
  - check whether the result is null.
- Store information in a session.
  - Use setAttribute with a key and a value.
- Discard session data.
  - Call removeAttribute to discard a specific value associated with a specified "key".
  - Call invalidate to discard an entire session; all user data will be lost, including data created by other servlets or JSPs.

Getting a Session Object
- To get the user's session object,
  - call the getSession() method of the HttpServletRequest class.
- Example:
    HttpSession session = request.getSession();
- If the user already has a session,
  - the existing session is returned.
- If no session exists,
  - a new one is created and returned.
- If you want to know if this is a new session:
  - call the session's isNew() method.

Disable creation of new sessions
- If you want to disable creation of new sessions:
  - pass false to the getSession() method.
- For example:
    HttpSession session = request.getSession(false);
- If no current session exists:
  - you will now get back a null object.

Behind the Scenes
- When you call getSession()
  - There is a lot going on behind the scenes.
  - Each user is automatically assigned a unique session ID.
- How does this session ID get to the user?
  - Option 1:
    - If the browser supports cookies,
    - the servlet will automatically create a session cookie and
    - store the session ID within the cookie.
  - Option 2:
    - If the browser does not support cookies,
    - the servlet will try to extract the session ID from the URL.

Extracting Data from the Session

Extracting Data From Session
- The Session object works like a Hash Map
  - A Hash Map that enables you to store any type of Java object.
  - You can therefore store any number of keys and their associated values.
- To extract an existing object,
  - use the getAttribute() method.
- Note: As of Servlet version 2.2,
  - the getValue() method is now deprecated.
  - Use getAttribute() instead.

Extracting Data from Session
- getAttribute() method
- Extracts previously stored value from session object
- The getAttribute() method
  - will return an Object type,
  - so you will need to perform a type cast.
- Example:
    Integer accessCount = (Integer) session.getAttribute("accessCount");

Extracting Data from Session
- Tip:
  - If you want to get a list of all "keys" (or attributes) associated with a Session,
  - use the getAttributeNames() method.
- This getAttributeNames() method
  - returns an Enumeration of all attribute names (keys).

Additional Session Info.
- The Session API includes methods for determining session-specific information.
- public String getId();
  - Returns the unique session ID associated with this user, e.g. gj9xswvw9p
- public boolean isNew();
  - Indicates if the session was just created (first time to this servlet).
- public long getCreationTime();
  - Indicates when the session was first created, in milliseconds since midnight January 1, 1970 (GMT).
  - To get a value useful for printing, pass the value to the Date constructor.
- public long getLastAccessedTime();
  - Indicates when the session was last sent from the client.
  - Returns the value in milliseconds since midnight January 1, 1970 (GMT).

Additional Methods
- public int getMaxInactiveInterval()
  - Determines the length of time (in seconds) that a session should go without access before being automatically invalidated.
- public void setMaxInactiveInterval(int seconds)
  - Sets the length of time (in seconds) that a session should go without access before being automatically invalidated.
  - A negative value specifies that the session should never time out.

Adding Data to the Session

Adding Data To Session
- To add data to a session, use the
  - setAttribute() method or putValue()
  - and specify the key_name and value.
- Example:
    session.setAttribute("accessCount", accessCount);
  ("accessCount" is the key; accessCount is the value)
- To remove a value, you can use the following:
  - removeAttribute(String name) method.

Terminating Sessions
- public void invalidate()
  - If the user does not return to a servlet for XX minutes*,
  - the session is automatically invalidated and deleted.
- If you want to manually invalidate the session,
  - you can call invalidate().

* For the exact number of minutes before automatic expiration, check the getMaxInactiveInterval() method.
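
The session calls covered above (getSession(false), setAttribute, getAttribute, setMaxInactiveInterval, invalidate), put together over a login, an authenticated request and a logout. This is an added example, not code from the original slides; the class name SessionLifecycle, the "user" attribute key and the 15-minute idle timeout are assumptions, and onLoginSuccess is meant to be called only after the application has verified the user's credentials.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public final class SessionLifecycle {
    // Assumed policy: sessions idle for 15 minutes are invalidated by the container.
    private static final int IDLE_TIMEOUT_SECONDS = 15 * 60;

    private SessionLifecycle() { }

    /** Starts a fresh session for a user whose credentials were just verified. */
    public static HttpSession onLoginSuccess(HttpServletRequest request, String username) {
        // Discard any session (and session ID) that existed before login, so an
        // ID issued to an anonymous visitor is never promoted to a logged-in one.
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        HttpSession session = request.getSession(true);
        session.setMaxInactiveInterval(IDLE_TIMEOUT_SECONDS);
        session.setAttribute("user", username);
        session.setAttribute("accessCount", 0);
        return session;
    }

    /** Returns the logged-in user name, or null if there is no valid session. */
    public static String requireUser(HttpServletRequest request) {
        // false: never create a session just because a protected page was hit.
        HttpSession session = request.getSession(false);
        if (session == null) {
            return null;
        }
        Object user = session.getAttribute("user");
        if (!(user instanceof String)) {
            return null;
        }
        Integer accessCount = (Integer) session.getAttribute("accessCount");
        session.setAttribute("accessCount", accessCount == null ? 1 : accessCount + 1);
        return (String) user;
    }

    /** Ends the session; every attribute stored in it is lost. */
    public static void logout(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }
}
```

On Servlet 3.1 and later, request.changeSessionId() is an alternative at login when the pre-login attributes have to be kept.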
