/ W3SCHOOLS

W3schools - JSP_Session

이 페이지는 다음에 대한 공부 기록입니다
Lecture에서 배웠던 내용을 복습하며 작성했습니다

찾으시는 정보가 있으시다면
주제별reference를 이용하시거나
우측 상단에 있는 검색기능을 이용해주세요

Maintaining Session

HTTP is a “stateless” protocol which means each time a client retrieves a Webpage, the client opens a separate connection to the Web server and the server automatically doesn’t keep any record of previous client request

There are few options to maintain the session between the Web Client and the Web Server

Cookies

A webserver can assign a unique session ID as a cookie to each web client and for subsequent requests from the client they can be recognized using the received cookie

This may not be an effective way as the browser at times doesn’t support a cookie

It is not recommended to use this procedure to maintain the sessions

Hidden form field

A webserver can send a hidden HTML form field along with a unique ID

This can be an effective way of keeping track of the session but clicking on a regular hypertext link doesn’t result in a form submission, so hidden form fields also can’t support general session tracking

URL Rewriting

Append some extra data at the end of each URL. This data identifies the session;

The server can associate that session identifier with the data it has stored about that session

The drawback here is that you will have to generate every URL dynamically to assign a session ID though page is a simple static HTML page

Session

JSP makes use of the servlet provided HttpSession Interface that provides a way to identify a user across

A one page request, or visit to a website, or store information about that user

By default, JSPs have session tracking enabled and a new HttpSession object is instantiated for each new client automatically

Disabling session tracking requires explicitly turning it off by setting the page directive session attribute to false

<%@ page session = “false” %>

The JSP engine exposes the HttpSession object to the JSP author through the implicit session object

Since session object is already provided to the JSP programmer, the programmer can immediately begin storing and retrieving data from the object without any initialization or getSession()

  • getAttribute(String name) : Returns the object bound with the specified name in this session, or null if no object is bound under the name

  • getAttributeNames() : Returns an Enumeration of String objects containing the names of all the objects bound to this session

  • getCreationTime() : Returns the time when this session was created, measured in milliseconds since midnight January 1, 1970 GMT

  • getId() : Returns a string containing the unique identifier assigned to this session

  • getLastAccessedTime() : Returns the last time the client sent a request associated with the session, as the number of milliseconds since midnight January 1, 1970 GMT

  • getMaxInactiveInterval() : Returns the maximum time interval, in seconds, that the servlet container will keep this session open between client accesses

  • invalidate() : Invalidates this session and unbinds any objects bound to it

  • isNew() : Returns true if the client does not yet know about the session or if the client chooses not to joing the session

  • removeAttribute(String name) : Removes the object bound with the specified name from this session

  • setAttribute(String name, Object value) : binds an object to this session, using the name specified

  • setMaxInactiveInterval(int interval) : Sepecifies the time, in seconds, between client requests before the servlet container will invalidate this session

Delete Session

  • removeAttribute(String name) : Remove a particular attribute, To delete the value associated with particular key

  • invalidate() : Delete the whole session, To discard an entire session

  • setMaxInactiveInterval(int interval) : Setting session timeout, To set the timeout for a session individually

  • logout : The servers that support servlets 2.4, can call logout to log the client out of the Web server and invalidate all sessions belonging to all the users

  • web.xml Configuration : If you are using Tomcat, apart from the above mentioned methods, can configure the session time out in web.xml file as follows

<session-config>
<session-timeout>15</session-timeout>
</session-config>

This timeout is expressed as minutes, and overrides the default timeout which is 30 minutes in Tomcat