Session Tracking in Java

In the world of the web, a session is the amount of time in which any two systems interact with each other. Those two systems can have a peer-to-peer or client-server relationship with each other. However, the problem is, in HTTP protocol, the state of the communication is not maintained, i.e., HTTP is a stateless protocol. Session Tracking in Java is used to tackle this problem with the help of servlets.

Cookies

To accomplish session tracking in the Java, one of the most commonly used techs is cookies. The cookies have information in the form of key-value pair. It sent by the server to the client's browser. It is saved by the browsers in the client system. However, cookies are not effective for tracking the session. The disadvantages of the cookies are:

1) Only the textual information can be kept by cookies.

2) Cookies are browser-dependent. Therefore, if someone on the client-side disables the cookies, then the web application can never make use of the cookies.

3) An individual cookie cannot contain a lot of information. The size of an individual cookie cannot exceed 4kb.

HttpSession Interface

The Java servlets provide the HttpSession Interface that gives a way to spot a particular user among multiple page requests or to keep the information about that user. In fact, the Java servlets use the HttpSession interface to establish a connection between the HTTP server and the HTTP client.

The HttpSession interface facilitates the servlets to:

• Manipulate and view the information about any session, such as the creation time, the session identifier, and the last accessed time.
• Binding objects to the session, hence; allowing the information about a user to be persistent across the multiple connections.

The following diagram shows the working of the HttpSession interface in a session.

User A and User B both are requesting to connect to a server. The servlet container uses the HttpSession interface to connect to the server by creating a unique id for each request. The unique id is used to identify a user. The unique id can be stored in a request parameter or in a cookie.

Methods of HttpSession Interface

Implementation of Session Tracking in Java

The following programs shows how to implement session tracking. In the example, we have created four files.

1) index.html

2) web.xml

3) HTTPServletEx1.java

4) HTTPServletEx2.java

FileName: index.html

FileName: HTTPServletEx1.java

FileName: HTTPServletEx2.java

Follow the steps given below to run the program.

Step 1: Install the Apache Tomcat application. Go inside the webapps folder of the Tomcat application, and create a folder of your choice. We have created a MyProject folder.

Step 2: Inside the MyProject folder, create a WEB-INF folder, and inside the WEB-INF folder, create a classes folder.

Step 3: Now, Compile the above-mentioned Java files using the javac command. Keep the generated .class files in the classes folder.

Step 4: Now, move outside the classes folder, and create the web.xml file in the WEB-INF folder. Observe the following snapshot.

Step 5: Along with the WEB-INF folder, keep the index.html file.

Step 6: Our application setup is ready. Now, we have to launch the application. To do so, move to the bin folder.

Step 7: Inside the bin folder, click on the Tomcat10.exe

Step 8: The Apache Tomcat server has been launched. The Tomcat server usually listens on port number 8090. Therefore, we have to provide the same port number in the URL. To do so, go to the browser and in the URL bar, write localhost:8090, and press enter. You will see the following.

Step 9: Now, add /MyProject to the URL. Thus, the new URL will be localhost:8090/MyProject. After pressing the enter button, the index.html file comes into action, and the form is shown on the browser.

Step 10: Now write the name of your choice, and click on "Press the Button", we get the following.

Step 11: Observe the URL, it shows servletA. It is because of the action attribute present in the index.html file. Now click on "Press Here".

Now, we moved to servletB. The URL confirms the same. It is because of the anchor tag present in the HTTPServletEx1.java file.

Explanation: In the above code, the getAttribute() and setAttribute() methods are from the HttpSession interface. The setAttribute() method creates an attribute in the session scope of the first servlet, and the getAttribute() receives the same attribute in the session scope of the second servlet. That's why the same is reflected on the servletA as well as on the servletB.

Advantages of Using Http Sessions in a Servlet

1) Various sorts of objects can be kept in the session, such as dataset, database, and text.

2) Unlike cookies, the dependency of the client's browser has been completely removed on the usage of the sessions. To achieve that, a session object is kept on the server instead of on the client's machine.

3) Sessions are transparent and secure.

Disadvantages of Using Http Sessions in a Servlet

1) The session object is kept on the server-side, which leads to the performance overhead.

2) The de-serialization or serialization of data also gives performance overhead.

Note: The import statements present in the .java files contain the word jakarta. The word jakarta is dependent on the servlet-api.jar file. In our case, when we unzipped the servlet-api.jar file, we got the jakarta folder. Hence, we mentioned jakarta in the import statements. Other versions of the tomcat server may contain the servlet-api.jar file which shows the javax folder upon unzipping it. In such a case, one should go with the javax word instead of the jakarta in the import statements.