Session Tracking Without Cookies
Session tracking is an essential part of most web applications. By nature, the HTTP protocol is connectionless. This means that each time users click on a hyperlink or submit an XHTML form, the browser establishes a new connection to the web server. Once the request is sent and the response is received, the connection between browser and server is broken.
This presents a problem for servlet authors. Although the browser and web server do not maintain a persistent connection between page views, applications must maintain state information for each user. Stateful applications make technologies like shopping carts possible, for instance. With each request from the browser, the servlet must reestablish the identity of the user and locate his session information.
Servlet Session-Tracking API
The traditional servlet approach to session tracking utilizes the
javax.servlet.http.HttpSession
interface. This interface allows a web
application to store information about a user that persists across
page requests. The interface is easy to use, mapping attribute names
to attribute values. The code shown here is part of a servlet that
uses HttpSession
:
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
// retrieve an instance of HttpSession for this user. The "true" parameter
// indicates that the object should be created if it does not exist.
HttpSession session = req.getSession(true);
// retrieve the cart ...
Get Java and XSLT now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.