Web servers use the Hyper-Text Transport Protocol (HTTP). HTTP is a stateless protocol. An HTTP Web server cannot associate requests from a client, and therefore treats each request independently. This protocol works fine for simple Web browsing, where each request typically results in an HTML file or a text file being sent back to the client. Such simple requests are isolated. However, the requests in interactive Web applications are often related . Consider the two requests in the following scenario:
Request 1: A client sends registration data to the server; the server then returns the data to the user for confirmation.
Request 2: The client confirms the data by resubmitting it.
In Request 2, the data submitted in Request 1 is sent back to the server. These two requests are related in a session. A session can be defined as a series of related interactions between a single client and the Web server over a period of time. Tracking data among requests in a session is known as session tracking .
This section introduces three techniques for session tracking: using hidden values , using cookies , and using the session tracking tools from servlet API .
You can track a session by passing data from the servlet to the client as hidden values in a dynamically generated HTML form by including a field like this one:
<input type = "hidden" name = "lastName" value = "Smith" >
The next request will submit the data back to the servlet. The servlet retrieves this hidden value just like any other parameter value, using the getParameter method.
Let us use an example to demonstrate using hidden values in a form. The example creates a servlet that processes a registration form. The client submits the form using the GET method, as shown in Figure 34.17. The server collects the data in the form, displays it to the client, and asks the client for confirmation, as shown in Figure 34.18. The client confirms the data by submitting the request with the hidden values using the POST method. Finally, the servlet writes the data to a database.
Create an HTML form named Registration.html in Listing 34.8 for collecting the data and sending it to the database using the GET method for confirmation. This file is almost identical to Listing 34.3, Student_Registration_Form.html. Place this file under c:\jakarta-tomcat-5.5.9\webapps\liangweb .
1 <!-- Registration.html --> 2 <html> 3 <head> 4 <title> Using Hidden Data for Session Tracking </title> 5 </head> 6 <body> 7 Please register to your instructor's student address book. 8 9 <form method = "get" action = "/liangweb/Registration"> 10 <p> Last Name <font color = "#FF0000" > * </font> 11 <input type = "text" name = "lastName" > 12 First Name <font color = "#FF0000" > * </font> 13 <input type = "text" name = "firstName" > 14 MI <input type = "text" name = "mi" size = "3" > 15 </p> 16 <p> Telephone 17 <input type = "text" name = "telephone" size = "20" > 18 Email 19 <input type = "text" name = "email" size = "28" > 20 </p> 21 <p> Street <input type = "text" name = "street" size = "50" > 22 </p> 23 <p> City <input type = "text" name = "city" size = "23" > 24 State 25 <select size = "1" name = "state" > 26 <option value = "GA" > Georgia-GA </option> 27 <option value = "OK" > Oklahoma-OK </option> 28 <option value = "IN" > Indiana-IN </option> 29 </select> 30 Zip <input type = "text" name = "zip" size = "9" > 31 </p> 32 <p> <input type = "submit" name = "Submit" value = "Submit" > 33 <input type = "reset" value = "Reset" > 34 </p> 35 </form> 36 <p><font color = "#FF0000" > * required fields </font></p> 37 </body> 38 </html> |
Create the servlet named Registration in Listing 34.9 and compile it into c:\jakarta-tomcat-5.5.9\webapps\liangweb\WEB-INF\classes .
1 import javax.servlet.*; 2 import javax.servlet.http.*; 3 import java.io.*; 4 import java.sql.*; 5 6 public class Registration extends HttpServlet { 7 // Use a prepared statement to store a student into the database 8 private PreparedStatement pstmt; 9 10 /** Initialize variables */ 11 public void init() throws ServletException { 12 initializeJdbc(); 13 } 14 15 /** Process the HTTP Get request */ 16 public void doGet(HttpServletRequest request, HttpServletResponse 17 response) throws ServletException, IOException { 18 response.setContentType( "text/html" ); 19 PrintWriter out = response.getWriter(); 20 21 // Obtain data from the form 22 String lastName = request.getParameter( "lastName" ); 23 String firstName = request.getParameter( "firstName" ); 24 String mi = request.getParameter( "mi" ); 25 String telephone = request.getParameter( "telephone" ); 26 String email = request.getParameter( "email" ); 27 String street = request.getParameter( "street" ); 28 String city = request.getParameter( "city" ); 29 String state = request.getParameter( "state" ); 30 String zip = request.getParameter( "zip" ); 31 32 if (lastName.length() == firstName.length() == ) { 33 out.println( "Last Name and First Name are required" ); 34 return ; // End the method 35 } 36 37 // Ask for confirmation 38 out.println( "You entered the following data" ); 39 out.println( "<p>Last name: " + lastName); 40 out.println( "<br>First name: " + firstName); 41 out.println( "<br>MI: " + mi); 42 out.println( "<br>Telephone: " + telephone); 43 out.println( "<br>Email: " + email); 44 out.println( "<br>Address: " + street); 45 out.println( "<br>City: " + city); 46 out.println( "<br>State: " + state); 47 out.println( "<br>Zip: " + zip); 48 49 // Set the action for processing the answers 50 out.println( "<p><form method=\" post\ " action=" + 51 "/liangweb/Registration>" ); 52 // Set hidden values 53 out.println( "<p><input type=\" hidden\ " " + 54 "value=" + lastName + " name=\" lastName\ ">" ); 55 out.println( "<p><input type=\" hidden\ " " + 56 "value=" + firstName + " name=\" firstName\ ">" ); 57 out.println( "<p><input type=\" hidden\ " " + 58 "value=" + mi + " name=\" mi\ ">" ); 59 out.println( "<p><input type=\" hidden\ " " + 60 "value=" + telephone + " name=\" telephone\ ">" ); 61 out.println( "<p><input type=\" hidden\ " " + 62 "value=" + email + " name=\" email\ ">" ); 63 out.println( "<p><input type=\" hidden\ " " + 64 "value=" + street + " name=\" street\ ">" ); 65 out.println( "<p><input type=\" hidden\ " " + 66 "value=" + city + " name=\" city\ ">" ); 67 out.println( "<p><input type=\" hidden\ " " + 68 "value=" + state + " name=\" state\ ">" ); 69 out.println( "<p><input type=\" hidden\ " " + 70 "value=" + zip + " name=\" zip\ ">" ); 71 out.println( "<p><input type=\" submit\ " value=\" Confirm\ " >" ); 72 out.println( "</form>" ); 73 74 out.close(); // Close stream 75 } 76 77 /** Process the HTTP Post request */ 78 public void doPost(HttpServletRequest request, HttpServletResponse 79 response) throws ServletException, IOException { 80 response.setContentType( "text/html" ); 81 PrintWriter out = response.getWriter(); 82 83 try { 84 String lastName = request.getParameter( "lastName" ); 85 String firstName = request.getParameter( "firstName" ); 86 String mi = request.getParameter( "mi" ); 87 String telephone = request.getParameter( "telephone" ); 88 String email = request.getParameter( "email" ); 89 String street = request.getParameter( "street" ); 90 String city = request.getParameter( "city" ); 91 String state = request.getParameter( "state" ); 92 String zip = request.getParameter( "zip" ); 93 94 storeStudent(lastName, firstName, mi, telephone, email, 95 street, city, state, zip); 96 97 out.println(firstName + " " + lastName + 98 " is now registered in the database" ); 99 } 100 catch (Exception ex) { 101 out.println( "Error: " + ex.getMessage()); 102 return ; // End the method 103 } 104 } 105 106 /** Initialize database connection */ 107 private void initializeJdbc() { 108 try { 109 // Declare driver and connection string 110 String driver = "sun.jdbc.odbc.JdbcOdbcDriver" ; 111 String connectionString = "jdbc:odbc:exampleMDBDataSource" ; 112 /* For Oracle 113 String driver = "oracle.jdbc.driver.OracleDriver"; 114 String connectionString = "jdbc:oracle:" + 115 "thin:scott/tiger@liang.armstrong.edu:1521:orcl"; 116 */ 117 // Load the Oracle JDBC Thin driver 118 Class.forName(driver); 119 120 // Connect to the sample database 121 Connection conn = DriverManager.getConnection 122 (connectionString); 123 124 // Create a Statement 125 pstmt = conn.prepareStatement( "insert into Address " + 126 "(lastName, firstName, mi, telephone, email, street, city, " 127 + "state, zip) values (?, ?, ?, ?, ?, ?, ?, ?, ?)" ); 128 } 129 catch (Exception ex) { 130 System.out.println(ex); 131 } 132 } 133 134 /** Store a student record to the database */ 135 private void storeStudent(String lastName, String firstName, 136 String mi, String phone, String email, String address, 137 String city, String state, String zip) throws SQLException { 138 pstmt.setString( 1 , lastName); 139 pstmt.setString( 2 , firstName); 140 pstmt.setString( 3 , mi); 141 pstmt.setString( 4 , phone); 142 pstmt.setString( 5 , email); 143 pstmt.setString( 6 , address); 144 pstmt.setString( 7 , city); 145 pstmt.setString( 8 , state); 146 pstmt.setString( 9 , zip); 147 pstmt.executeUpdate(); 148 } 149 } |
The servlet processes the GET request by generating an HTML page that displays the client's input and asks for the client's confirmation. The input data consists of hidden values in the newly generated forms, so it will be sent back in the confirmation request. The confirmation request uses the POST method. The servlet retrieves the hidden values and stores them in the database.
Since the first request does not write anything to the database, it is appropriate to use the GET method. Since the second request results in an update to the database, the POST method must be used.
Note
The hidden values could also be sent from the URL query string if the request uses the GET method. |
You can track sessions using cookies, which are small text files that store sets of name-value pairs on the disk in the client's computer. Cookies are sent from the server through the instructions in the header of the HTTP response. The instructions tell the browser to create a cookie with a given name and its associated value. If the browser already has a cookie with the key name, the value will be updated. The browser will then send the cookie with any request submitted to the same server. Cookies can have expiration dates set, after which they will not be sent to the server. The javax.servlet.http.Cookie is used to create and manipulate cookies, as shown in Figure 34.19.
To send a cookie to the browser, use the addCookie method in the HttpServletResponse class, as shown below:
response.addCookie(cookie);
where response is an instance of HttpServletResponse .
To obtain cookies from a browser, use
request.getCookies();
where request is an instance of HttpServletRequest .
To demonstrate the use of cookies, let us create an example that accomplishes the same task as Listing 34.9, Registration.java. Instead of using hidden values for session tracking, it uses cookies.
Create the servlet named RegistrationWithHttpCookie in Listing 34.10. Compile it into c:\jakarta-tomcat-5.5.9\webapps\liangweb\WEB-INF\classes .
Create an HTML file named RegistrationWithCookie.html that is identical to Registration. html except that the action is replaced by
http://localhost: 8080 /liangweb/RegistrationWithCookie
1 import javax.servlet.*; 2 import javax.servlet.http.*; 3 import java.io.*; 4 import java.sql.*; 5 6 public class RegistrationWithCookie extends HttpServlet { 7 private static final String CONTENT_TYPE = "text/html" ; 8 // Use a prepared statement to store a student into the database 9 private PreparedStatement pstmt; 10 11 /** Initialize variables */ 12 public void init() throws ServletException { 13 initializeJdbc(); 14 } 15 16 /** Process the HTTP Get request */ 17 public void doGet(HttpServletRequest request, HttpServletResponse 18 response) throws ServletException, IOException { 19 response.setContentType( "text/html" ); 20 PrintWriter out = response.getWriter(); 21 22 // Obtain data from the form 23 String lastName = request.getParameter( "lastName" ); 24 String firstName = request.getParameter( "firstName" ); 25 String mi = request.getParameter( "mi" ); 26 String telephone = request.getParameter( "telephone" ); 27 String email = request.getParameter( "email" ); 28 String street = request.getParameter( "street" ); 29 String city = request.getParameter( "city" ); 30 String state = request.getParameter( "state" ); 31 String zip = request.getParameter( "zip" ); 32 33 // Create cookies and send cookies to browsers 34 Cookie cookieLastName = new Cookie( "lastName" , lastName); 35 // cookieLastName.setMaxAge(1000); 36 response.addCookie(cookieLastName); 37 Cookie cookieFirstName = new Cookie( "firstName" , firstName); 38 response.addCookie(cookieFirstName); 39 // cookieFirstName.setMaxAge(0); 40 Cookie cookieMi = new Cookie( "mi" , mi); 41 response.addCookie(cookieMi); 42 Cookie cookieTelephone = new Cookie( "telephone" , telephone); 43 response.addCookie(cookieTelephone); 44 Cookie cookieEmail = new Cookie( "email" , email); 45 response.addCookie(cookieEmail); 46 Cookie cookieStreet = new Cookie( "street" , street); 47 response.addCookie(cookieStreet); 48 Cookie cookieCity = new Cookie( "city" , city); 49 response.addCookie(cookieCity); 50 Cookie cookieState = new Cookie( "state" , state); 51 response.addCookie(cookieState); 52 Cookie cookieZip = new Cookie( "zip" , zip); 53 response.addCookie(cookieZip); 54 55 System.out.println( "MaxAge? " + cookieLastName.getMaxAge()); 56 System.out.println( "MaxAge fir? " + cookieFirstName.getMaxAge()); 57 58 if (lastName.length() == firstName.length() == ) { 59 out.println( "Last Name and First Name are required" ); 60 return ; // End the method 61 } 62 63 // Ask for confirmation 64 out.println( "You entered the following data" ); 65 out.println( "<p>Last name: " + lastName); 66 out.println( "<br>First name: " + firstName); 67 out.println( "<br>MI: " + mi); 68 out.println( "<br>Telephone: " + telephone); 69 out.println( "<br>Email: " + email); 70 out.println( "<br>Street: " + street); 71 out.println( "<br>City: " + city); 72 out.println( "<br>State: " + state); 73 out.println( "<br>Zip: " + zip); 74 75 // Set the action for processing the answers 76 out.println( "<p><form method=\" post\ " action=" + 77 "/liangweb/RegistrationWithCookie>" ); 78 out.println( "<p><input type=\" submit\ " value=\" Confirm\ " >" ); 79 out.println( "</form>" ); 80 out.close(); // Close stream 81 } 82 83 /** Process the HTTP Post request */ 84 public void doPost(HttpServletRequest request, HttpServletResponse 85 response) throws ServletException, IOException { 86 response.setContentType(CONTENT_TYPE); 87 PrintWriter out = response.getWriter(); 88 89 String lastName = "" ; 90 String firstName = "" ; 91 String mi = "" ; 92 String telephone = "" ; 93 String email = "" ; 94 String street = "" ; 95 String city = "" ; 96 String state = "" ; 97 String zip = "" ; 98 99 // Read the cookies 100 Cookie[] cookies = request.getCookies(); 101 102 // Get cookie values 103 for ( int i = ; i < cookies.length; i++) { 104 if ( cookies[i].getName(). equals( "lastName" )) 105 lastName = cookies[i].getValue() ; 106 else if (cookies[i].getName().equals( "firstName" )) 107 firstName = cookies[i].getValue(); 108 else if (cookies[i].getName().equals( "mi" )) 109 mi = cookies[i].getValue(); 110 else if (cookies[i].getName().equals( "telephone" )) 111 telephone = cookies[i].getValue(); 112 else if (cookies[i].getName().equals( "email" )) 113 email = cookies[i].getValue(); 114 else if (cookies[i].getName().equals( "street" )) 115 street = cookies[i].getValue(); 116 else if (cookies[i].getName().equals( "city" )) 117 city = cookies[i].getValue(); 118 else if (cookies[i].getName().equals( "state" )) 119 state = cookies[i].getValue(); 120 else if (cookies[i].getName().equals( "zip" )) 121 zip = cookies[i].getValue(); 122 } 123 124 try { 125 storeStudent(lastName, firstName, mi, telephone, email, street, 126 city, state, zip); 127 128 out.println(firstName + " " + lastName + 129 " is now registered in the database" ); 130 131 out.close(); // Close stream 132 } 133 catch (Exception ex) { 134 out.println( "Error: " + ex.getMessage()); 135 return ; // End the method 136 } 137 } 138 139 /** Initialize database connection */ 140 private void initializeJdbc() { 141 try { 142 // Declare driver and connection string 143 String driver = "sun.jdbc.odbc.JdbcOdbcDriver" ; 144 String connectionString = "jdbc:odbc:exampleMDBDataSource" ; 145 // For Oracle 146 // String driver = "oracle.jdbc.driver.OracleDriver"; 147 // String connectionString = "jdbc:oracle:" + 148 // "thin:scott/tiger@liang.armstrong.edu:1521:orcl"; 149 150 // Load the Oracle JDBC Thin driver 151 Class.forName(driver); 152 System.out.println( "Driver " + driver + " loaded" ); 153 154 // Connect to the sample database 155 Connection conn = DriverManager.getConnection 156 (connectionString); 157 System.out.println( "Database " + connectionString + 158 " connected" ); 159 160 // Create a Statement 161 pstmt = conn.prepareStatement( "insert into Address " + 162 "(lastName, firstName, mi, telephone, email, street, city, " 163 + "state, zip) values (?, ?, ?, ?, ?, ?, ?, ?, ?)" ); 164 } 165 catch (Exception ex) { 166 System.out.println(ex); 167 } 168 } 169 170 /** Store a student record to the database */ 171 private void storeStudent(String lastName, String firstName, 172 String mi, String telephone, String email, String street, 173 String city, String state, String zip) throws SQLException { 174 pstmt.setString( 1 , lastName); 175 pstmt.setString( 2 , firstName); 176 pstmt.setString( 3 , mi); 177 pstmt.setString( 4 , telephone); 178 pstmt.setString( 5 , email); 179 pstmt.setString( 6 , street); 180 pstmt.setString( 7 , city); 181 pstmt.setString( 8 , state); 182 pstmt.setString( 9 , zip); 183 pstmt.executeUpdate(); 184 } 185 } |
You have to create a cookie for each value you want to track, using the Cookie class's only constructor, which defines a cookie's name and value as shown below (line 34):
Cookie cookieLastName = new Cookie( "lastName" , lastName);
To send the cookie to the browser, use a statement like this one (line 36):
response.addCookie(cookieLastName);
If a cookie with the same name already exists in the browser, its value is updated; otherwise , a new cookie is created.
Cookies are automatically sent to the Web server with each request from the client. The servlet retrieves all the cookies into an array using the getCookies method (line 100):
Cookie[] cookies = request.getCookies();
To obtain the name of the cookie, use the getName method (line 104):
String name = cookies[i].getName();
The cookie's value can be obtained using the getValue method:
String value = cookies[i].getValue();
Cookies are stored as strings just like form parameters and hidden values. If a cookie represents a numeric value, you have to convert it into an integer or a double, using the parseInt method in the Integer class or the parseDouble method in the Double class.
By default, a newly created cookie persists until the browser exits. However, you can set an expiration date, using the setMaxAge method, to allow a cookie to stay in the browser for up to 2,147,483,647 seconds (approximately 24,855 days).
You have now learned both session tracking using hidden values and session tracking using cookies. These two session-tracking methods have problems. They send data to the browser either as hidden values or as cookies. The data is not secure, and anybody with knowledge of computers can obtain it. The hidden data is in HTML form, which can be viewed from the browser. Cookies are stored in the Cache directory of the browser. Because of security concerns, some browsers do not accept cookies. The client can turn the cookies off and limit their number. Another problem is that hidden data and cookies pass data as strings. You cannot pass objects using these two methods.
To address these problems, Java servlet API provides the javax.servlet.http.HttpSession interface, which provides a way to identify a user across more than one page request or visit to a Web site and to store information about that user. The servlet container uses this interface to create a session between an HTTP client and an HTTP server. The session persists for a specified time period, across more than one connection or page request from the user. A session usually corresponds to one user, who may visit a site many times. The session enables tracking of a large set of data. The data can be stored as objects and is secure because they are kept on the server side.
To use the Java servlet API for session tracking, first create a session object using the getSession() method in the HttpServletRequest interface:
HttpSession session = request.getSession();
This obtains the session or creates a new session if the client does not have a session on the server.
The HttpSession interface provides the methods for reading and storing data to the session, and for manipulating the session, as shown in Figure 34.20.
Note
HTTP is stateless. So how does the server associate a session with multiple requests from the same client? This is handled behind the scenes by the servlet container and is transparent to the servlet programmer. |
To demonstrate using HttpSession , let us rewrite Listing 34.9, Registration.java, and Listing 34.10, RegistrationWithCookie.java. Instead of using hidden values or cookies for session tracking, it uses servlet HttpSession .
Create the servlet named RegistrationWithHttpSession in Listing 34.11. Compile it into c:\jakarta-tomcat-5.5.9\webapps\liangweb\WEB-INF\classes . Note that this servlet contains two class files, RegistrationWithHttpSession.class and RegistrationWithHttpSession$Student.class .
Create an HTML file named RegistrationWithHttpSession.html that is identical to Registration.html except that the action is replaced by
http://localhost:8080/liangweb/RegistrationWithHttpSession
1 import javax.servlet.*; 2 import javax.servlet.http.*; 3 import java.io.*; 4 import java.sql.*; 5 6 public class RegistrationWithHttpSession extends HttpServlet { 7 // Use a prepared statement to store a student into the database 8 private PreparedStatement pstmt; 9 10 /** Initialize variables */ 11 public void init() throws ServletException { 12 initializeJdbc(); 13 } 14 15 /** Process the HTTP Get request */ 16 public void doGet(HttpServletRequest request, HttpServletResponse 17 response) throws ServletException, IOException { 18 // Set response type and output stream to the browser 19 response.setContentType( "text/html" ); 20 PrintWriter out = response.getWriter(); 21 22 // Obtain data from the form 23 String lastName = request.getParameter( "lastName" ); 24 String firstName = request.getParameter( "firstName" ); 25 String mi = request.getParameter( "mi" ); 26 String telephone = request.getParameter( "telephone" ); 27 String email = request.getParameter( "email" ); 28 String street = request.getParameter( "street" ); 29 String city = request.getParameter( "city" ); 30 String state = request.getParameter( "state" ); 31 String zip = request.getParameter( "zip" ); 32 33 if (lastName.length() == firstName.length() == ) { 34 out.println( "Last Name and First Name are required" ); 35 return ; // End the method 36 } 37 38 // Create a Student object 39 Student student = new Student(lastName, firstName, 40 mi, telephone, email, street, city, state, zip); 41 42 // Get an HttpSession or create one if it does not exist 43 HttpSession httpSession = request.getSession(); 44 45 // Store student object to the session 46 httpSession.setAttribute( "student" , student); 47 48 // Ask for confirmation 49 out.println( "You entered the following data" ); 50 out.println( "<p>Last name: " + lastName); 51 out.println( "<p>First name: " + firstName); 52 out.println( "<p>MI: " + mi); 53 out.println( "<p>Telephone: " + telephone); 54 out.println( "<p>Email: " + email); 55 out.println( "<p>Address: " + street); 56 out.println( "<p>City: " + city); 57 out.println( "<p>State: " + state); 58 out.println( "<p>Zip: " + zip); 59 60 // Set the action for processing the answers 61 out.println( "<p><form method=\" post\ " action=" + 62 "/liangweb/RegistrationWithHttpSession>" ); 63 out.println( "<p><input type=\" submit\ " value=\" Confirm\ " >" ); 64 out.println( "</form>" ); 65 66 out.close(); // Close stream 67 } 68 69 /** Process the HTTP Post request */ 70 public void doPost(HttpServletRequest request, HttpServletResponse 71 response) throws ServletException, IOException { 72 // Set response type and output stream to the browser 73 response.setContentType( "text/html" ); 74 PrintWriter out = response.getWriter(); 75 76 // Obtain the HttpSession 77 HttpSession httpSession = request.getSession(); 78 79 // Get the Student object in the HttpSession 80 Student student = (Student)(httpSession.getAttribute( "student" )); 81 82 try { 83 storeStudent(student); 84 85 out.println(student.firstName + " " + student.lastName + 86 " is now registered in the database" ); 87 out.close(); // Close stream 88 } 89 catch (Exception ex) { 90 out.println( "Error: " + ex.getMessage()); 91 return ; // End the method 92 } 93 } 94 95 /** Initialize database connection */ 96 private void initializeJdbc() { 97 try { 98 // Declare driver and connection string 99 String driver = "sun.jdbc.odbc.JdbcOdbcDriver" ; 100 String connectionString = "jdbc:odbc:exampleMDBDataSource" ; 101 102 // Load the Oracle JDBC Thin driver 103 Class.forName(driver); 104 System.out.println( "Driver " + driver + " loaded" ); 105 106 // Connect to the sample database 107 Connection conn = DriverManager.getConnection 108 (connectionString); 109 System.out.println( "Database " + connectionString + 110 " connected" ); 111 112 // Create a Statement 113 pstmt = conn.prepareStatement( "insert into Address " + 114 "(lastName, firstName, mi, telephone, email, street, city, " 115 + "state, zip) values (?, ?, ?, ?, ?, ?, ?, ?, ?)" ); 116 } 117 catch (Exception ex) { 118 System.out.println(ex); 119 } 120 } 121 122 /** Store a student record to the database */ 123 private void storeStudent(Student student) throws SQLException { 124 pstmt.setString( 1 , student.getLastName()); 125 pstmt.setString( 2 , student.getFirstName()); 126 pstmt.setString( 3 , student.getMi()); 127 pstmt.setString( 4 , student.getTelephone()); 128 pstmt.setString( 5 , student.getEmail()); 129 pstmt.setString( 6 , student.getStreet()); 130 pstmt.setString( 7 , student.getCity()); 131 pstmt.setString( 8 , student.getState()); 132 pstmt.setString( 9 , student.getZip()); 133 pstmt.executeUpdate(); 134 } 135 136 class Student { 137 private String lastName = "" ; 138 private String firstName = "" ; 139 private String mi = "" ; 140 private String telephone = "" ; 141 private String email = "" ; 142 private String street = "" ; 143 private String city = "" ; 144 private String state = "" ; 145 private String zip = "" ; 146 147 Student(String lastName, String firstName, 148 String mi, String telephone, String email, String street, 149 String city, String state, String zip) { 150 this .lastName = lastName; 151 this .firstName = firstName; 152 this .mi = mi; 153 this .telephone = telephone; 154 this .email = email; 155 this .street = street; 156 this .city = city; 157 this .state = state; 158 this .zip = zip; 159 } 160 161 public String getLastName() { 162 return lastName; 163 } 164 165 public String getFirstName() { 166 return firstName; 167 } 168 169 public String getMi() { 170 return mi; 171 } 172 173 public String getTelephone() { 174 return telephone; 175 } 176 177 public String getEmail() { 178 return email; 179 } 180 181 public String getStreet() { 182 return street; 183 } 184 185 public String getCity() { 186 return city; 187 } 188 189 public String getState() { 190 return state; 191 } 192 193 public String getZip() { 194 return zip; 195 } 196 } 197 } |
The statement (line 43)
HttpSession httpSession = request.getSession();
obtains a session, or creates a new session if the session does not exist.
Since objects can be stored in HttpSession , this program defines a Student class. A Student object is created and is stored in the session using the setAttribute method, which binds the object with a name like the one shown below (line 46):
httpSession.setAttribute( "student" , student);
To retrieve the object, use the following statement (line 80):
Student student = (Student)(httpSession.getAttribute( "student" ));
There is only one session between a client and a servlet. You can store any number of objects in a session. By default, a session stays alive as long as the servlet is not destroyed . You can explicitly set the session active time using the setMaxInactiveInterval method.