What is Session Tracking?


The Servlet API provides two ways to track client state:

Session Tracking


Session tracking is a mechanism that servlets use to maintain state about a series of requests from the same user (that is, requests originating from the same browser) across some period of time.

Cookies


Cookies are a mechanism that a servlet uses to have clients hold a small amount of state information associated with the user. Servlets can use the information in a cookie as the user enters a site (as a low-security user sign-on, for example), as the user navigates around a site (as a repository of user preferences, for example), or both.

Session Tracking


Sessions are shared among the servlets accessed by a client. This is convenient for applications made up of multiple servlets. 

For example, Duke's Bookstore uses session tracking to keep track of the books being ordered by a user.

All the servlets in the example have access to the user's session.

                         

To use session tracking,
· Get a session (an HttpSession object) for a user.
· Store or get data from the HttpSession object.
· Invalidate the session (optional).


Obtaining a Session


The getSession method of the HttpServletRequest object returns a user's session. When you call the method with its create argument as true, the implementation creates a session if necessary.

To properly maintain the session, you must call getSession before any output is written to the response. (If you respond using a Writer, then you must call getSession before accessing the Writer, not just before sending any response data.)

The Duke's Bookstore example uses session tracking to keep track of the books in the user's shopping cart. Here is an example of the CatalogServlet getting a session for a user:

// Get the user's session and shopping cart

HttpSession session = request.getSession(true);

Storing and Getting Data from a Session

The HttpSession interface provides methods that store and return:
· Standard session properties, such as a session identifier
· Application data, which is stored as a name-value pair, where the name is a String and the value is an object in the Java programming language. (This is like java.util.Dictionary.)

Because multiple servlets have access to a user's session, you should adopt a naming convention for organizing the names associated with application data. This avoids servlets accidentally overwriting each other's values in the session. One such convention is servletname.name where servletname is the full name of the servlet, including its packages.

For example, com.acme.WidgetServlet.state is a cookie with the servletname com.acme.WidgetServlet and the name state.

The Duke's Bookstore example uses session tracking to keep track of the books in the user's shopping cart. Here is an example of the CatalogServlet getting a user's session identifier, and getting and setting the application data associated with the user's session:

HttpSession session = request.getSession(true);
ShoppingCart cart = (ShoppingCart) session.getAttribute("examples.bookstore.cart");

// If the user has no cart, create a new one

if (cart == null) {
    cart = new ShoppingCart();
    session.setAttribute("examples.bookstore.cart", cart);
}
...

Because an object can be associated with a session, the Duke's Bookstore example keeps track of the books that a user has ordered within an object. The object is type ShoppingCart and each book that a user orders is stored in the shopping cart as a ShoppingCartItem object. For example, the following comes from further down in the doGet method of the CatalogServlet:

// If the user wants to add a book, add it and print the result

String bookToAdd = request.getParameter("Buy");
if (bookToAdd != null) {
    BookDetails book = database.getBookDetails(bookToAdd);
    cart.add(bookToAdd, book);
    ...
}

Finally, note that a session can be designated as new. A new session causes the isNew method of the HttpSession class to return true, indicating that, for example, the client does not yet know about the session. A new session has no associated data.

You must deal with situations involving new sessions. In the Duke's Bookstore example above, if the user has no shopping cart (the only data associated with a session), the servlet creates a new one. Alternatively, if you need information from the user to start a session (such as a user-name), you might want to redirect the user to a "starting page" where you collect the necessary information.

Invalidating the Session


A user's session can be invalidated manually or, depending on where the servlet is running, automatically. (For example, the Java Web Server automatically invalidates a session when there have been no page requests in some period of time, 30 minutes by default.) To invalidate a session means to remove the HttpSession object and its values from the system.

To manually invalidate a session, use the session's invalidate method. Some applications have a natural point at which to invalidate the session. 

The Duke's Bookstore example invalidates a user's session after the user has bought the books. This happens in the ReceiptServlet:

// Clear out shopping cart by invalidating the session

session.invalidate();
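
The three steps above (get a session, store data, invalidate), applied to the "starting page" case described earlier. This is an added example, not code from the Duke's Bookstore source: it uses getSession(false) so that checking for a session never creates one, and it invalidates any session the browser already presented before creating the one that will hold the user name. The class name, attribute name, /start.html and /catalog paths, user-name pattern and 15-minute timeout are assumptions, and the javax.servlet API is assumed to be on the classpath.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example, not Duke's Bookstore code. Assumed: the starting page
// /start.html posts its form to this servlet; names, paths and timeout below.
public class StartSessionServlet extends HttpServlet {
    static final String USER_ATTR = "examples.bookstore.StartSessionServlet.user";

    // Called by other servlets: returns the established session, or redirects
    // to the starting page and returns null. getSession(false) never creates one.
    static HttpSession requireSession(HttpServletRequest request,
            HttpServletResponse response) throws IOException {
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute(USER_ATTR) == null) {
            response.sendRedirect(request.getContextPath() + "/start.html");
            return null;
        }
        return session;
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // The user name is untrusted request data: validate before storing it.
        String userName = request.getParameter("username");
        if (userName == null || !userName.matches("[A-Za-z0-9_.-]{1,32}")) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // Discard any session the browser already presented, so an identifier
        // issued before this point is not carried into the established session.
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        HttpSession session = request.getSession(true); // new session, new identifier
        session.setMaxInactiveInterval(15 * 60);        // idle timeout in seconds
        session.setAttribute(USER_ATTR, userName);
        response.sendRedirect(request.getContextPath() + "/catalog");
    }
}
```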
