Session Tracking

Problem:• Identifizierung und

Speicherung persönlicher Daten

• Warenkorb

Lösung:• Session mit ID

AnmeldungID

REQ + IDRES

ID: JKLMGHNB45kdse43k

ID: JEWTSDTRWE45rrtt

ID: ETWEFDR234ewdw

CookiesS

essio

n T

rackin

g

String sessionID = makeUniqueString();

Cokie sessionCookie = new Cokie(“jsession“, sessionID);sessionCookie.setPath(“/ “);response.addCookie(sessionCookie);

Server:Generierung einer eindeutigen ID

Client:Verwaltet Cookies

URL-RewritingS

essio

n T

rackin

g

http://host/path/index.html;jsession=1234Diese Methode funktioniert auch mit Browsern ohne

Cookies.

Server:Generierung einer eindeutigen IDAngabe der Verfallszeit (expiration time)Verknüpfung Session Information mit Request

Client: URL enthält mit zusätzliche Information.

Hidden Form FieldsS

essio

n T

rackin

g

<INPUT TYPE=“HIDDEN“ NAME=“JSESSIONID“ VALUE=“1234“>

Nachteil: Jede Seite muss dynamisch generiert werden.

Server:Generierung einer eindeutigen IDAngabe der Verfallszeit (expiration time)Verknüpfung Session Information mit Request

HTTPSession Objekt

Servlet Container

http://..Session_Tomcat Webserver

Id keine ! neue Id kgwxSession

name:wert

http://..Session_Tomcat

Id kgwxId ausCookie oder URL

Methoden von HttpSessionS

essio

n T

rackin

g

public Object getValue(String name) [2.1]

public Object getAttribute(String name) [2.2]

public void putValue(String name,Object value); [2.1]

public void setAttribute(String name,Object value);[2.2]

public void removeValue(String name); [2.1]

public void removeAttribute(String name);[2.2]

Methoden von HttpSessionS

essio

n T

rackin

g

public String[] getValueNames() [2.1]

public Enumeration getAttributeNames() [2.2]

Alle Attribute einer Session werden zurückgegeben.

public String getId();

Eindeutige Session Id

public boolean isNew();

true, falls der Browser die Session noch nie gesehen hat.

Methoden von HttpSessionS

essio

n T

rackin

g

public long getCreationTime()

Zeit in Millisekunden von Januar 1970

public int getMaxInactiveInterval();

public void setMaxInactiveInterval(int seconds)

Maximale inaktive Zeit, die eine Session überleben soll.

seconds < 0 ; die Session soll immer aktiv bleiben

public void invalidate();

Session wird mit allen assoziierten Objekten gelöscht.

Automatische URL-rewritingS

essio

n T

rackin

g

Das Servlet stellt automatisch auf URL-rewriting um, falls Cookies nicht erlaubt sind.

Für lokale Links:

String originalURL = someRelativeorAbsoluteURL;

String encodedURL = response.encodeURL(originalURL);

out.println(“<A HREF=\““ + encodedURL + “\“> ….</A>“);

package session;import java.io.*;import java.text.*;import java.util.*;import javax.servlet.*;import javax.servlet.http.*;

public class Session_Tomcat extends HttpServlet { public void doGet(HttpServletRequest request,HttpServletResponse

response)throws IOException, ServletException { response.setContentType("text/html");

PrintWriter out = response.getWriter(); out.println("<html><body bgcolor=\"white\"><head>"); String title = "Praxis der Internet Programmierung"; out.println("<title>" + title + "</title></head><body>"); out.println("<h3>" + title + "</h3>");

Session

Session HttpSession session = request.getSession(); out.println("SessionId " + session.getId()); out.println("<br>Erzeugungszeit: "); out.println(new Date(session.getCreationTime()) + "<br>"); out.println("Letztmals benutzt: "); out.println(new Date(session.getLastAccessedTime()));

String dataName = request.getParameter("dataname"); String dataValue = request.getParameter("datavalue"); if (dataName != null && dataValue != null) { session.setAttribute(dataName, dataValue); } out.println("<P>Session Data <br>"); Enumeration names = session.getAttributeNames(); while (names.hasMoreElements()) { String name = (String) names.nextElement(); String value = session.getAttribute(name).toString(); out.println(name + " = " + value + "<br>"); }

Session

out.print("<P><form action=\""); out.print(response.encodeURL("Session_Tomcat")); out.print("\" "); out.println("method=POST>"); out.println("Name: <input type=text size=20 name=dataname>"); out.println("<br>Wert:"); out.println("<input type=text size=20 name=datavalue>"); out.println("<br><input type=submit>"); out.println("</form>");

out.println("<P>GET based form:<br>"); out.print("<form action=\""); out.print(response.encodeURL("Session_Tomcat")); out.print("\" ");

Session

out.println("method=GET>"); out.println("Name:<input type=text size=20 name=dataname>"); out.println("<br>Wert:"); out.println("<input type=text size=20 name=datavalue>"); out.println("<br><input type=submit>"); out.println("</form>"); out.print("<p><a href=\""); out.print(response.encodeURL("Session_Tomcat?dataname=foo&

datavalue=bar")); out.println("\" >URL encoded </a>"); out.println("</body></html>"); } public void doPost(HttpServletRequest request,HttpServletResponse

response)throws IOException, ServletException { doGet(request, response); }}

Praktikum

Einfacher Warenkorb:

1. Name, Vorname, Passwort in Session speichern

2. Gegenstände hinzufügen

3. Warenkorb anschauen

4. Gegenstände entfernen

public abstract class CatalogPage extends HttpServlet {

private Item[] items;

private String[] itemIDs;

private String title;

/** cut some lines **/

public void doGet(HttpServletRequest request,

HttpServletResponse response)

throws ServletException, IOException {

response.setContentType("text/html");

if (items == null) {

response.sendError(response.SC_NOT_FOUND,

"Missing Items.");

return;

}

Sessio

n T

rackin

gWarenkorbsystem: Katalog

PrintWriter out = response.getWriter();

out.println(ServletUtilities.headWithTitle(title) +

"<BODY BGCOLOR=\"#FDF5E6\">\n" +

"<H1 ALIGN=\"CENTER\">" + title + "</H1>");

Item item;

for(int i=0; i<items.length; i++) {

out.println("<HR>");

item = items[i];

if (item == null) {

out.println("<FONT COLOR=\"RED\">" +

"Unknown item ID " + itemIDs[i] +

"</FONT>");

} else {

Warenkorbsystem: KatalogS

essio

n T

rackin

g

out.println();

String formURL ="/servlet/onlinestore.OrderPage";

formURL = response.encodeURL(formURL);

out.println

("<FORM ACTION=\"" + formURL + "\">\n" +

"<INPUT TYPE=\"HIDDEN\" NAME=\"itemID\" " +

" VALUE=\"" + item.getItemID() + "\">\n" +

"<H2>" + item.getShortDescription() +

" ($" + item.getCost() + ")</H2>\n" +

item.getLongDescription() + "\n" +

"<P>\n<CENTER>\n" +

"<INPUT TYPE=\"SUBMIT\" " +

"VALUE=\"Add to Shopping Cart\">\n" +

"</CENTER>\n<P>\n</FORM>"); ….

Warenkorbsystem: KatalogS

essio

n T

rackin

g

HttpSession session = request.getSession(true);

ShoppingCart cart;

synchronized(session) {

cart = (ShoppingCart)session.getValue("shoppingCart");

// New visitors get a fresh shopping cart.

// Previous visitors keep using their existing cart.

if (cart == null) {

cart = new ShoppingCart();

session.putValue("shoppingCart", cart);

}

Warenkorbsystem: BestellungenS

essio

n T

rackin

g

String itemID = request.getParameter("itemID");

if (itemID != null) {

String numItemsString =

request.getParameter("numItems");

if (numItemsString == null) {

// If request specified an ID but no number, then customers //came here via an "Add Item to Cart" button on a catalog page.

cart.addItem(itemID);

} else {

Warenkorbsystem: BestellungenS

essio

n T

rackin

g

// If request specified an ID and number, then

// customers came here via an "Update Order" button

// after changing the number of items in order.

// Note that specifying a number of 0 results

// in item being deleted from cart.

int numItems;

try {

numItems = Integer.parseInt(numItemsString);

} catch(NumberFormatException nfe) {

numItems = 1;

}

cart.setNumOrdered(itemID, numItems);

}

}

}

Warenkorbsystem: BestellungenS

essio

n T

rackin

g

// Whether or not the customer changed the order, show order status.

response.setContentType("text/html");

PrintWriter out = response.getWriter();

String title = "Status of Your Order";

out.println(ServletUtilities.headWithTitle(title) +

"<BODY BGCOLOR=\"#FDF5E6\">\n" +

"<H1 ALIGN=\"CENTER\">" + title + "</H1>");

synchronized(session) {

Vector itemsOrdered = cart.getItemsOrdered();

if (itemsOrdered.size() == 0) {

out.println("<H2><I>No items in your cart...</I></H2>");

Warenkorbsystem: BestellungenS

essio

n T

rackin

g

for(int i=0; i<itemsOrdered.size(); i++) {

order = (ItemOrder)itemsOrdered.elementAt(i);

out.println

("<TR>\n" +

" <TD>" + order.getItemID() + "\n" +

" <TD>" + order.getShortDescription() + "\n" +

" <TD>" +

formatter.format(order.getUnitCost()) + "\n" + " <TD>" +

"<FORM ACTION=\"" + formURL + "\">\n" +

"<INPUT TYPE=\"HIDDEN\" NAME=\"itemID\"\n" +

" VALUE=\"" + order.getItemID() + "\">\n" +

"<INPUT TYPE=\"TEXT\" NAME=\"numItems\"\n" +

" SIZE=3 VALUE=\"" +

order.getNumItems() + "\">\n" +

Warenkorbsystem: BestellungenS

essio

n T

rackin

g

} else {

// If there is at least one item in cart, show table

// of items ordered.

out.println

("<TABLE BORDER=1 ALIGN=\"CENTER\">\n" +

"<TR BGCOLOR=\"#FFAD00\">\n" +

" <TH>Item ID<TH>Description\n" +

" <TH>Unit Cost<TH>Number<TH>Total Cost");

ItemOrder order;

NumberFormat formatter = NumberFormat.getCurrencyInstance();

String formURL = "/servlet/onlinestore.OrderPage";

formURL = response.encodeURL(formURL);

Warenkorbsystem: BestellungenS

essio

n T

rackin

g

"<SMALL>\n" +

"<INPUT TYPE=\"SUBMIT\"\n "+

" VALUE=\"Update Order\">\n" +

"</SMALL>\n" +

"</FORM>\n" +

" <TD>" +

formatter.format(order.getTotalCost()));

}

String checkoutURL =

response.encodeURL("/servlet/onlinestore.Checkout");

Warenkorbsystem: BestellungenS

essio

n T

rackin

g

// "Proceed to Checkout" button below table

out.println

("</TABLE>\n" +

"<FORM ACTION=\"" + checkoutURL + "\">\n" +

"<BIG><CENTER>\n" +

"<INPUT TYPE=\"SUBMIT\"\n" +

" VALUE=\"Proceed to Checkout\">\n" +

"</CENTER></BIG></FORM>");

}

out.println("</BODY></HTML>");

} /** synchronized **

}

Warenkorbsystem: BestellungenS

essio

n T

rackin

g