Session Tracking
Very few web applications are confined to a single page, so having a mechanism for tracking users through a site can often simplify application development. The Web, however, is an inherently stateless environment. A client makes a request, the server fulfills it, and both promptly forget about each other. In the past, applications that needed to deal with a user through multiple pages (for instance, a shopping cart) had to resort to complicated dodges to hold onto state information, such as hidden fields in forms, setting and reading cookies, or rewriting URLs to contain state information.
The Servlet API provides classes and methods specifically
designed to handle session tracking . A servlet can use the session-tracking API to
delegate most of the user-tracking functions to the server. The first
time a user connects to a session-enabled servlet, the servlet simply
creates a javax.servlet.http.HttpSession
object. The
servlet can then bind data to this object, so subsequent requests can
read the data. After a certain amount of inactive time, the session
object is destroyed.
A servlet uses the getSession()
method of HttpServletRequest
to retrieve the current
session object. This method takes a single boolean
argument. If you pass true
and there is no current session object,
the method creates and returns a new HttpSession
object. If you pass false
, the method returns null
if there is no current session object.
For example:
HttpSession thisUser = req.getSession(true); ...
Get Java Enterprise in a Nutshell, Third Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.