Embed Size (px)
Citation preview
7Copyright © 2005, Oracle. All rights reserved.
Maintaining State in J2EE Applications
7-2 Copyright © 2005, Oracle. All rights reserved.
Objectives
After completing this lesson, you should be able to do the following:
• Maintain persistent activity from clients by using a browser
• Use the HttpSession object
• Describe state preservation
7-3 Copyright © 2005, Oracle. All rights reserved.
First request
Chris
Second request
Chris
First request
Michelle
Servlet
Overview
7-4 Copyright © 2005, Oracle. All rights reserved.
Session Basics
• The HTTP protocol is stateless.
• The session mechanism guarantees that the object that serves the client knows which client has made a request.
• User requests from the same browser are considered to be from the same client.
7-5 Copyright © 2005, Oracle. All rights reserved.
Session Basics
• Options for identifying the client: Cookies, URL rewriting, hidden fields, HttpSession
• Result: A unique identity assigned to every client
• Options for implementing sessions on the server:– Single-threaded model (not scalable)– HttpSession with a multithreaded server
(Each thread uses the unique identity to process the request.)
7-6 Copyright © 2005, Oracle. All rights reserved.
Threading
Multithreaded model Single-threaded model
Servlet instance 1
Servlet instance 2
Client 1
Client 2
Client 1
Client 2
Both clients using unique sessions, but
sharing the same servlet instance
Both clients using unique sessions and
unique instances
7-7 Copyright © 2005, Oracle. All rights reserved.
URL Rewriting
• URL rewriting:– Every URL that is accessed by the client is rewritten
so that it has the session ID.– Use the encodeURL() method to re-create the path
dynamically.
• URL rewriting is used when a client turns off cookie support in the browser.
7-8 Copyright © 2005, Oracle. All rights reserved.
HttpSession
• The unique identity for the client is an HttpSession object.
• The object is created by using the getSession() method of the HttpRequest object.
• Any servlet that responds to a client request can create this object.
• An object can be potentially shared across several servlets. (Every servlet within an application can identify with this client.)
HttpSession session = req.getSession(true);
7-9 Copyright © 2005, Oracle. All rights reserved.
Session Objects
• With session objects, you can: – Put items into the object (values persist across
multiple invocations from the same client)– Access items from the object– Obtain the session identity– Find out when the session was last accessed
• Items put in a session object can:– Implement the Serializable interface – Be relocated to a different server– Persist across servlet crashes
7-10 Copyright © 2005, Oracle. All rights reserved.
public void doGet(…)… { response.setContentType("text/html"); PrintWriter out = response.getWriter(); HttpSession session = request.getSession(true); String sessionid = session.getId(); Integer sessionCount = (Integer)session.getAttribute("sessionCount"); if (sessionCount == null) { sessionCount = new Integer(0); } else { sessionCount =
new Integer(sessionCount.intValue() + 1); }
session.setAttribute("sessionCount", sessionCount); out.println("<p>Number of requests for the session with
the id of " + "<b>" + sessionid + "</b> is: " + sessionCount);}
Session-Based Page Counter
7-11 Copyright © 2005, Oracle. All rights reserved.
Date dayAgo = new Date( System.currentTimeMillis() - 24*60*60*1000);Date hourAgo = new Date(…) // an hour agoDate created = new Date( session.getCreationTime());Date accessed = new Date(…)if (created.before(dayAgo)|| accessed.before(hourAgo)) { session.invalidate(); session = … //create new}
Session Life Cycle
• A session can expire automatically, or you can explicitly invalidate a session.
• The HttpSession object gets invalidated when a session expires.
7-12 Copyright © 2005, Oracle. All rights reserved.
Session Tracking in OC4J
• J2EE server vendors handle session tracking in different ways.
• Oracle Application Server 10g Containers for J2EE (OC4J):– Uses cookies as the default method for session
tracking (can be disabled by a user or within the application deployment descriptor)
– Does not support auto-encoding, where session IDs are automatically encoded into the URL by the container (an expensive process)
– Causes a session to expire in 20 minutes by default (modified in the deployment descriptor)
7-13 Copyright © 2005, Oracle. All rights reserved.
Sessions and Events
When a servlet stores an object in a session or removes an object from a session, the session checks whether that object implements the HttpSessionBindingListener interface. If it does, then the servlet notifies the object that it has been either:• Bound to the session (by calling the object’s
valueBound() method, which is a good place for initializing client-specific resources)
Or• Unbound from a session (by calling the object’s
valueUnbound() method, which is a good place for releasing resources)
7-14 Copyright © 2005, Oracle. All rights reserved.
Sessions and Events
• An object is bound to a session after the object is passed into the session.setAttribute() method.
• An object is unbound from a session:– After the object is removed by using the
session.removeAttribute() method– When a session is invalidated
7-15 Copyright © 2005, Oracle. All rights reserved.
Sessions and Events
To use the event mechanism, you must perform the following steps:
1. Create a class that implements the HttpSessionBindingListener interface.
2. Instantiate the class.
3. Insert the instantiated object into the HttpSession object by using the setAttribute() method.
7-16 Copyright © 2005, Oracle. All rights reserved.
public class EventObject implements HttpSessionBindingListener { public void valueBound( HttpSessionBindingEvent event) { // connect to the database using this client sess = event.getSession()//which session? // get values from this session object to // identify client information } public void valueUnbound( HttpSessionBindingEvent event) { // release resources }}
Sessions and Events
Example:
7-17 Copyright © 2005, Oracle. All rights reserved.
Creating Distributable Applications
Applications are deployed as “distributable” by specifying the <distributable/> tag in the web.xml file. These applications should be developed to run in a distributed servlet container (such as OC4J) as follows:
• Because the ServletContext attributes exist locally in one Java virtual machine (JVM), the information that must be shared between servlets should be placed in a session, a database, or an EJB.
• HttpSession objects must implement the Serializable interface to be sent between JVMs.
7-18 Copyright © 2005, Oracle. All rights reserved.
Summary
In this lesson, you should have learned how to:
• Instantiate the HttpSession object
• Use the HttpSession object
• Implement the HttpSessionBindingListener interface
7-19 Copyright © 2005, Oracle. All rights reserved.
Practice 7-1: Overview
This practice covers the following topics:
• Creating an HttpSession object
• Tracking an order based on the HttpSession object
