Using Cookies for Session Tracking

Previous page
Table of content
Next page
Team-Fly

HTTP is a stateless protocol, which means that each request and response pair is a separate conversation. Sometimes, though, you want the server to remember who you are. This can be done with a session. On the server side, a session is just a collection of information. When the client sends an HTTP request to the server, it includes a session ID as part of the request. The server can then look up the corresponding session and have some idea of the identity (or at least the state) of the client.

The most common way to store a session ID on the client side is using HTTP cookies. A cookie is just a little piece of data that is passed from the server to the client in an HTTP response. Most Web browsers automatically store cookies and will send them back to the appropriate server when a new request is made.

In the MIDP world, of course, there's no Web browser taking care of cookies for you. You have to do it yourself. Fortunately, it's not very complicated.

Network code that maintains a server session ID needs to do two things:

  1. When receiving a response from a server, check for a cookie. If there is a cookie present, save it away for later (perhaps in a member variable). A cookie is just another HTTP response header line. You can check for a cookie by calling getHeaderField() on an HttpConnection object after the request has been sent.

  2. When sending a request to the server, send the session ID cookie if it has been previously received. Again, sending a cookie to the server is just a matter of putting it in the request headers, using HttpConnection's setRequestProperty() method.

Each time you send a request to the server, you will be sending a session ID as a request header. The server uses this session ID to look up a session object that can be used, server side, to do useful stuff like retrieve preferences or maintain a shopping cart.

It's not hard to implement this behavior in a MIDlet. If you have a session ID cookie handy, you should send it when you open up an HTTP connection to the same server, like this:

 HttpConnection hc = (HttpConnection)Connector.open(url); if (mSession != null)     hc.setRequestProperty("cookie", mSession);

This code assumes you have a session ID cookie saved away in the mSession member variable. The first time you contact the server, of course, you won't have a session ID cookie.

Later, when you receive a response from an HTTP request, look for a cookie. If you find one, parse out the session ID and save it away, like this:

 InputStream in = hc.openInputStream(); String cookie = hc.getHeaderField("Set-cookie"); if (cookie != null) {   int semicolon = cookie.indexOf(';');   mSession = cookie.substring(0, semicolon); }

The cookie string needs to be parsed because it comes in two pieces. The first piece is a path that can be used to determine when the cookie should be sent back to the server. The second part contains the session ID-that's the part we parse out and save.

Listing 8-2 shows a class, CookieMIDlet, that uses this technique to maintain a session with a server. It has a very bland user interface-just an empty Form with two commands. If you invoke the Send command, the MIDlet sends an HTTP request and receives a response using the cookie handling described above.

Listing 8-2: CookieMIDlet saves a server session ID cookie.

start example 
 import java.io.*; import javax.microedition.io.*; import javax.microedition.midlet.*; import javax.microedition.lcdui.*; public class CookieMIDlet extends MIDlet {   private Display mDisplay;   private Form mForm;   private String mSession;   public void startApp() {     mDisplay = Display.getDisplay(this);     if (mForm == null) {       mForm = new Form("CookieMIDlet");       mForm.addCommand(new Command("Exit", Command.EXIT, 0));       mForm.addCommand(new Command("Send", Command.SCREEN, 0));       mForm.setCommandListener(new CommandListener() {         public void commandAction(Command c, Displayable s) {           if (c.getCommandType() == Command.EXIT) notifyDestroyed();           else send();         }       });     }     mDisplay.setCurrent(mForm);   }   private void send() {     // Create the GET URL. Our user name and the encrypted, hex     //   encoded message are included as parameters. The user name     //   and base URL are retrieved as application properties.     String url = "http://hotnoodles/midp/cookie";     try {       // Query the server and retrieve the response.       HttpConnection hc = (HttpConnection)Connector.open(url);       if (mSession != null)         hc.setRequestProperty("cookie", mSession);       InputStream in = hc.openInputStream();       String cookie = hc.getHeaderField("Set-cookie");       if (cookie != null) {         int semicolon = cookie.indexOf(';');         mSession = cookie.substring(0, semicolon);       }       int length = (int)hc.getLength();       byte[] raw = new byte[length];       in.read(raw);       String s = new String(raw);       Alert a = new Alert("Response", s, null, null);       a.setTimeout(Alert.FOREVER);       mDisplay.setCurrent(a, mForm);       in.close();       hc.close();     }     catch (IOException ioe) {       Alert a = new Alert("Exception", ioe.toString(), null, null);       a.setTimeout(Alert.FOREVER);       mDisplay.setCurrent(a, mForm);     }   }   public void pauseApp() {}   public void destroyApp(boolean unconditional) {} }
end example

On the server side, things are much simpler. If you're writing with servlets, you don't even have to worry about cookies. Instead, you just deal with an HttpSession object. The code that follows shows a servlet that interacts with CookieMIDlet. It's been tested on Tomcat 4.0 but should work fine on other servers. Note that you will have to map the URL used by the MIDlet to this servlet class; for details, see an introductory book on servlets or your server's documentation.

 import javax.servlet.http.*; import javax.servlet.*; import java.io.*; public class CookieServlet extends HttpServlet {   public void doGet(HttpServletRequest request,       HttpServletResponse response)       throws ServletException, IOException {     HttpSession session = request.getSession();     String message = session.getId();     System.out.println(message);     response.setContentType("text/plain");     response.setContentLength(message.length());     PrintWriter out = response.getWriter();     out.println(message);   } }

The servlet retrieves the HttpSession object. Then it pulls out the session ID and sends it as the response back to the MIDlet. It also prints the session ID out to the console, so you can see that the session ID on the client and is the same.

Team-Fly

Previous page
Table of content
Next page
Wireless Java. Developing with J2ME
ColdFusion MX Professional Projects
ISBN: 1590590775
EAN: 2147483647
Year: 2000
Pages: 129
Authors: Rohit Kochar, Parag Rastogi
BUY ON AMAZON
The .NET Developers Guide to Directory Services Programming
Professional Java Native Interfaces with SWT/JFace (Programmer to Programmer)
Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More
Cisco IOS in a Nutshell (In a Nutshell (OReilly))
An Introduction to Design Patterns in C++ with Qt 4
Junos Cookbook (Cookbooks (OReilly))
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy