The HttpSession Object:
Apart from the above mentioned three ways, servlet provides HttpSession
Interface which provides a way to identify a user across more than one page
request or visit to a Web site and to store information about that user.
The servlet container uses this interface to create a session between an HTTP
client and an HTTP server. The session persists for a specified time period,
across more than one connection or page request from the user.
You would get HttpSession object by calling the public method getSession() of
HttpServletRequest, as below:
HttpSession session = request.getSession();
You need to call request.getSession() before you send any document content to
the client. Here is a summary of the important methods available through
HttpSession object:
| S.NO. | Method & Description |
| 1 | public Object getAttribute(String
name) This method returns the object bound with the specified name in this session, or null if no object is bound under the name. |
| 2 | public Enumeration getAttributeNames() This method returns an Enumeration of String objects containing the names of all the objects bound to this session. |
| 3 | public long getCreationTime() This method returns the time when this session was created, measured in milliseconds since midnight January 1, 1970 GMT. |
| 4 | public String getId() This method returns a string containing the unique identifier assigned to this session. |
| 5 | public long getLastAccessedTime() This method returns the last time the client sent a request associated with this session, as the number of milliseconds since midnight January 1, 1970 GMT. |
| 6 | public int getMaxInactiveInterval() This method returns the maximum time interval, in seconds, that the servlet container will keep this session open between client accesses.. |
| 7 | public void invalidate() This method invalidates this session and unbinds any objects bound to it. |
| 8 | public boolean isNew() This method returns true if the client does not yet know about the session or if the client chooses not to join the session. |
| 9 | public void removeAttribute(String
name) This method removes the object bound with the specified name from this session. |
| 10 | public void setAttribute(String
name, Object value) This method binds an object to this session, using the name specified. |
| 11 | public void
setMaxInactiveInterval(int interval) This method specifies the time, in seconds, between client requests before the servlet container will invalidate this session |
Session Tracking Example:
This example describes how to use the HttpSession object to find out the
creation time and the last-accessed time for a session. We would associate a new
session with the request if one does not already exist.
|
// Import required java libraries import java.io.*; import javax.servlet.*; import javax.servlet.http.*; import java.util.*; // Extend HttpServlet class public class SessionTrack extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // Create a session object if it is already not created. HttpSession session = request.getSession(true); // Get session creation time. Date createTime =
new
// Get last access time of this web page. Date lastAccessTime = new
String title = "Welcome TO my website"; Integer visitCount = new Integer(0); String visitCountKey = new String("visitCount"); String userIDKey = new String("userID"); String userID = new String("ABCD"); // Check if this is new comer on your web page. if (session.isNew()){ title = "Welcome to my website"; session.setAttribute(userIDKey, userID); } else { visitCount = (Integer)session.getAttribute(visitCountKey); visitCount = visitCount + 1; userID = (String)session.getAttribute(userIDKey); } session.setAttribute(visitCountKey, visitCount); // Set response content type response.setContentType("text/html"); PrintWriter out = response.getWriter(); String docType = "<!doctype html public \"-//w3c//dtd html 4.0 " + "transitional//en\">\n"; out.println(docType + "<html>\n" + "<head><title>" + title + "</title></head>\n" + "<body bgcolor=\"#f0f0f0\">\n" + "<h1 align=\"center\">" + title + "</h1>\n" + "<h2 align=\"center\">Session Infomation</h2>\n" + "<table border=\"1\" align=\"center\">\n" + "<tr bgcolor=\"#949494\">\n" + " <th>Session info</th><th>value</th></tr>\n" + "<tr>\n" + " <td>id</td>\n" + " <td>" + session.getId() + "</td></tr>\n" + "<tr>\n" + " <td>Creation Time</td>\n" + " <td>" + createTime + " </td></tr>\n" + "<tr>\n" + " <td>Time of Last Access</td>\n" + " <td>" + lastAccessTime + " </td></tr>\n" + "<tr>\n" + " <td>User ID</td>\n" + " <td>" + userID + " </td></tr>\n" + "<tr>\n" + " <td>Number of visits</td>\n" + " <td>" + visitCount + "</td></tr>\n" + "</table>\n" + "</body></html>"); }} |
Deleting Session Data:
When you are done with a user's session data, you have several options:
Remove a particular attribute: You can call public void
removeAttribute(String name) method to delete the value associated with a
particular key.
Delete the whole session: You can call public void invalidate() method to
discard an entire session.
Setting Session timeout: You can call public void setMaxInactiveInterval(int
interval) method to set the timeout for a session individually.
Log the user out: The servers that support servlets 2.4, you can call logout to
log the client out of the Web server and invalidate all sessions belonging to
all the users.
web.xml Configuration: If you are using Tomcat, apart from the above
mentioned methods, you can configure session time out in web.xml file as
follows.
<session-config>
<session-timeout>15</session-timeout>
</session-config>