52. What is session management?
Session management is a mechanism for maintaining state across multiple HTTP requests, and it is handled by the web container. In other words, it is a technique for holding values passed by the user across multiple HTTP requests that originate from a single browser instance.
A session's life cycle is managed per open web browser instance. The session exists until the browser is closed or until the session times out (the timeout is set in the server configuration).
54. What is the need for session?
HTTP is a stateless protocol. If a developer needs to build pages that maintain the application user's state across multiple requests, he can use a session. For example, he can store the following information: login name, user's state/city, user ID number, etc.
55. How is session tracked for a user?
Each user session is tracked by a unique ID called JSESSIONID. This is similar to how an employee is identified in an organization by an employee ID. The JSESSIONID is generated the first time the user visits a site, and one is generated for each browser instance.
56. What are session management techniques?
The following are the session management techniques. They are used for carrying the user's data between pages within a session.
- Hidden Form fields
- URL Rewriting
- Session object
57. What is a Hidden Field?
Hidden fields are normal HTML form elements of type hidden that store user data across HTTP requests.
58. How is a hidden form field used for session tracking?
The user state to be preserved across HTTP requests is stored in hidden elements in the HTML pages, which can then be read by other pages.
59. How to access hidden form field values?
Hidden form field values can be read using the request.getParameter("key") method.
60. What are the advantages of Hidden form field?
- It does not consume any memory space in web server as it is stored in the HTML pages.
- It works even if users disable cookies.
61. What are the disadvantages of Hidden form field?
- It can be used only with HTML forms.
- It is not secure.
- It is very complex to develop and maintain, as every page that needs the state information has to implement the hidden fields.
62. What is URL rewriting?
URL rewriting is the mechanism by which user state or information is appended to the URL to track the state/session of the user. Example: The userName is appended to the URL.
where userName and location are user information set as parameters in the URL.
63. What are the advantages of URL rewriting?
- All data is appended to the URL, so it is easy to debug.
- It works even if users disable cookies.
64. What are the disadvantages of URL rewriting?
- URL length is a limitation, so we cannot store information beyond a limit.
- The URL contains the data, so it is not secure.
- It is difficult to maintain in a large application, since the URL must be rewritten on each page to carry the data.
65. What is a cookie?
A cookie is a simple piece of textual information (in key/value pair format) stored on the client (the browser machine). Cookie information is returned to the server with every request from the client.
66. How are cookies identified on the client machine?
The browser matches the cookies it holds against the site URL. If a match is found, that cookie is returned with the request.
67. What are the steps for using cookie?
- Step 1: Create the cookie object.
- Step 2: Set the cookie object to the HTTP response.
- Step 3: Read the cookies from the next HTTP request.
- Step 4: Validate the cookie value for session tracking.
68. How is a cookie created?
Cookies are created using the Cookie class of the Servlet API.
Cookie cookie = new Cookie(identifier, value);
where identifier is the name of the state information and value is the value of the state.
Example: Cookie cookie = new Cookie("userName", "Tim");
69. How are cookies set on the response?
Since cookies are stored at the client, they are set on the response object and sent to the client using the addCookie() method of the HttpServletResponse interface.
Cookie cookie = new Cookie("userName", "Tim");
response.addCookie(cookie);
70. How are cookie values read from the request?
Cookies stored on the client are sent to the server along with the HTTP request each time the client requests a page. The cookies in the request object can be read using the getCookies() method of the HttpServletRequest interface.
Cookie[] cookieList = request.getCookies(); // null if the request carries no cookies
The cookieList array can be traversed to read all the cookie values associated with a particular client session.
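The four steps from question 67, put together in one servlet. This is an added example, not code from the original page; the class name, the validation pattern and the choice of the javax.servlet (Servlet 3.0 or later) package are assumptions.

```java
import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: class name and cookie policy are assumptions for this example.
public class UserNameCookieServlet extends HttpServlet {
    private static final String COOKIE_NAME = "userName";
    // Step 4 policy (assumed): accept only short alphanumeric names.
    private static final Pattern VALID = Pattern.compile("[A-Za-z0-9]{1,32}");

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String userName = readValidated(request.getCookies());
        response.setContentType("text/plain");
        if (userName == null) {
            // Steps 1 and 2: create the cookie and add it to the response.
            Cookie cookie = new Cookie(COOKIE_NAME, "Tim");
            cookie.setHttpOnly(true);   // not readable from page scripts
            cookie.setSecure(true);     // sent over HTTPS only
            cookie.setMaxAge(-1);       // discarded when the browser closes
            response.addCookie(cookie);
            response.getWriter().println("cookie set");
        } else {
            response.getWriter().println("welcome back, " + userName);
        }
    }

    // Steps 3 and 4: read the cookies from the request and validate the value.
    static String readValidated(Cookie[] cookieList) {
        if (cookieList == null) {       // getCookies() returns null when none were sent
            return null;
        }
        for (Cookie c : cookieList) {
            if (COOKIE_NAME.equals(c.getName())
                    && c.getValue() != null
                    && VALID.matcher(c.getValue()).matches()) {
                return c.getValue();
            }
        }
        return null;                    // missing or malformed: treat as no state
    }
}
```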
71. What are the advantages of using cookie?
- It is easy to develop and maintain.
- Less overhead to the server since data is stored in the client.
- It minimizes the server memory usage.
72. What are the disadvantages of using cookie?
- Size and number of cookies stored are limited.
- Cookies are stored as plain text in a specific directory, where everyone can view and modify them, so they are not secure.
- It is browser dependent, so if the client has disabled cookies this can lead to erroneous behavior of the application.
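Hidden fields, rewritten URLs and cookies are all listed above as not secure because the client holds the value and can change it. One way to at least detect modification is to attach an HMAC computed with a server-side secret. This is an added example, not code from the original page or the Servlet API; the SignedState class, its method names and the sample secret are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper (not part of the Servlet API): tamper-evident client-side state.
public class SignedState {
    private final SecretKeySpec key;

    public SignedState(byte[] serverSecret) {
        this.key = new SecretKeySpec(serverSecret, "HmacSHA256");
    }

    private byte[] mac(String value) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(key);
        return m.doFinal(value.getBytes(StandardCharsets.UTF_8));
    }

    // Value to place in the hidden field, URL parameter or cookie: "<value>.<tag>"
    public String sign(String value) throws Exception {
        return value + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(mac(value));
    }

    // Returns the original value, or null if the tag is missing or does not match.
    public String verify(String signed) throws Exception {
        int dot = signed == null ? -1 : signed.lastIndexOf('.');
        if (dot < 0) return null;
        String value = signed.substring(0, dot);
        byte[] given;
        try {
            given = Base64.getUrlDecoder().decode(signed.substring(dot + 1));
        } catch (IllegalArgumentException e) {
            return null;                // tag is not valid Base64
        }
        // Constant-time comparison of the expected and supplied tags.
        return MessageDigest.isEqual(mac(value), given) ? value : null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample secret; a real one comes from server-side configuration.
        SignedState s = new SignedState("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        String field = s.sign("userId=1042");
        System.out.println("untampered: " + s.verify(field));
        System.out.println("tampered:   " + s.verify(field.replace("1042", "1")));
    }
}
```

The tag only detects modification; the value itself is still readable by the client, so anything confidential belongs in the server-side session object.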
73. What is a session object?
A session object is a container used for storing user state on the server.
- The session object's life cycle is maintained by the web container.
- The Servlet API HttpSession interface provides features for session tracking.
- HttpSession objects are used for storing client session information.
74. How are session values stored?
Session values are stored in key/value format, similar to the Map interface. Each value has a name bound to it, which is used to retrieve the value.
75. How is the session object accessed?
The session object associated with a user session is read from the user's HTTP request using the getSession() method of the HttpServletRequest interface.
HttpSession session = request.getSession();