About this task
This information, combined with the coding example SessionSample.java,
provides a programming model for implementing sessions in your own
servlets.
Procedure
-
Get the HttpSession object.
To obtain a session, use the getSession method of the javax.servlet.http.HttpServletRequest
object in the Java™ Servlet 3.0 API.
When you first obtain the HttpSession object, the Session Management facility uses one of three
ways to establish tracking of the session: cookies, URL rewriting, or Secure Sockets Layer (SSL)
information.
Deprecated feature: Session tracking using the SSL ID was deprecated in WebSphere®
Application Server Version 7.0. You can configure session tracking to use cookies or modify the
application to use URL rewriting
Assume the Session Management facility uses cookies. In such a case, the Session Management
facility creates a unique session ID and typically sends it back to the browser as a cookie.
Each subsequent request from this user (at the same browser) passes the cookie containing the
session ID, and the Session Management facility uses this ID to find the user's existing HttpSession
object.
In Step 1 of the code sample, the Boolean(create) is set to true
so that the
HttpSession object is created if it does not already exist. (With the Servlet 2.3 API and later, the
javax.servlet.http.HttpServletRequest.getSession() method with no boolean defaults to
true
and creates a session if one does not already exist for this user.)
-
Store and retrieve user-defined data in the session.
After a session is established, you can add and retrieve user-defined data to the session. The
HttpSession object has methods similar to those in java.util.Dictionary for adding, retrieving, and
removing arbitrary Java objects.
In Step 2 of the code sample, the servlet reads an integer object from the HttpSession,
increments it, and writes it back. You can use any name to identify values in the HttpSession
object. The code sample uses the name sessiontest.counter.
Because the HttpSession object is shared among servlets that the user might access, consider
adopting a site-wide naming convention to avoid conflicts.
- Optional:
Output an HTML response page containing data from the HttpSession object.
-
Provide feedback to the user that an action has taken place during the session. You may want to
pass HTML code to the client browser indicating that an action has occurred.
For example, in step 3 of the code sample, the servlet generates a web page that is returned
to the user and displays the value of the sessiontest.counter each time the user visits that web
page during the session.
- Optional:
Notify Listeners.
Objects stored in a session that implement the
javax.servlet.http.HttpSessionBindingListener interface are notified when the session is preparing
to end and become invalidated. This notice enables you to perform post-session processing, including
permanently saving the data changes made during the session to a database.
Note: For compatibility
with Java Platform, Enterprise Edition 7, a session's
attributes must be removed by the Session Management facility when the session is invalidated. This
requirement can result in the HttpSessionBindingListener.valueUnbound()
method
being called twice. To avoid these duplicated calls, explicitly remove the session attributes inside
the application before the session is invalidated.
-
End the session.
You can end a session:
- Automatically with the Session Management facility if a session is inactive for a specified
time. The administrators provide a way to specify the amount of time after which to invalidate a
session.
- By coding the servlet to call the invalidate() method on the session object.
Example
import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class SessionSample extends HttpServlet {
public void doGet (HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// Step 1: Get the Session object
boolean create = true;
HttpSession session = request.getSession(create);
// Step 2: Get the session data value
Integer ival = (Integer)
session.getAttribute ("sessiontest.counter");
if (ival == null) ival = new Integer (1);
else ival = new Integer (ival.intValue () + 1);
session.setAttribute ("sessiontest.counter", ival);
// Step 3: Output the page
response.setContentType("text/html");
PrintWriter out = response.getWriter();
out.println("<html>");
out.println("<head><title>Session Tracking Test</title></head>");
out.println("<body>");
out.println("<h1>Session Tracking Test</h1>");
out.println ("You have hit this page " + ival + " times" + "<br>");
out.println ("Your " + request.getHeader("Cookie"));
out.println("</body></html>");
}
}