Servlets - Session Tracking

HTTP is a "stateless" protocol which implies each time a client recovers a Web page, the client opens a different association with the Web server and the server naturally does not keep any record of past client request.

Still there are following three different ways to keep up session between web client and web server −


A webserver can dole out a one of a kind session ID as a cookie to each web client and for consequent solicitations from the client they can be perceived utilizing the recieved cookie.

This may not be a powerful way in light of the fact that many time program does not support a cookie, so I would not prescribe to utilize this method to keep up the sessions.

Hidden Form Fields

A web server can send a hidden HTML structure field alongside a one of a kind session ID as pursues −

<input type = "hidden" name = "sessionid" esteem = "12345"> 

This passage implies that, when the structure is presented, the predetermined name and esteem are consequently included into the GET or POST information. Each time when internet browser sends request back, at that point session_id esteem can be utilized to monitor diverse web browsers.

This could be a successful method for track the session however clicking on a normal (<A HREF...>) hypertext interface does not result in a structure accommodation, so hidden structure fields likewise can't support general session tracking.

URL Rewriting

You can add some additional information on the finish of every URL that distinguishes the session, and the server can connect that session identifier with information it has put away about that session.

For model, with;sessionid = 12345, the session identifier is connected as sessionid = 12345 which can be gotten to at the web server to recognize the client.

URL modifying is a superior method to keep up sessions and it works notwithstanding when programs don't support cookies. The disadvantage of URL re-composing is that you would need to produce each URL progressively to allot a session ID, even if there should be an occurrence of a method static HTML page.

The HttpSession Object

Apart from the previously mentioned three different ways, servlet gives HttpSession Interface which gives an approach to recognize a client crosswise over more than one page demand or visit to a Web website and to store data about that user.

The servlet holder utilizes this interface to make a session between a HTTP client and a HTTP server. The session perseveres for a predetermined timespan, crosswise over more than one association or page request from the user.

You would get HttpSession object by calling the open strategy getSession() of HttpServletRequest, as underneath −

HttpSession session = request.getSession();

You need to call request.getSession() before you send any archive substance to the customer. Here is a synopsis of the critical techniques accessible through HttpSession object −

Sr.No. Method & Description

public Object getAttribute(String name)

This strategy returns the article bound with the predefined name in this session, or invalid if no item is bound under the name.


public Enumeration getAttributeNames()

This method returns an Enumeration of String objects containing the names of the considerable number of articles bound to this session.


public long getCreationTime()

This method returns when this session was made, estimated in milliseconds since midnight January 1, 1970 GMT.


public String getId()

This method returns a string containing the one of a kind identifier appointed to this session.


public long getLastAccessedTime()

This method returns the last gotten to time of the session, in the configuration of milliseconds since midnight January 1, 1970 GMT


public int getMaxInactiveInterval()

This strategy returns the most extreme time interim (seconds), that the servlet holder will keep the session open between client accesses.


public void nullify()

This strategy refutes this session and unbinds any items bound to it.


public boolean isNew(

This method returns genuine if the client does not yet think about the session or if the client decides not to join the session.


public void removeAttribute(String name)

This method evacuates the article bound with the predetermined name from this session.


public void setAttribute(String name, Object esteem)

This strategy ties an item to this session, utilizing the name specified.


public void setMaxInactiveInterval(int interim)

This strategy determines the time, in short order, between client asks for before the servlet holder will negate this session.

Session Tracking Example

This model depicts how to utilize the HttpSession item to find the creation time and the last-got to time for a session. We would connect another session with the demand on the off chance that one doesn't as of now exist.

© Javacodegeeks 2018 -
All Right Reserved and you agree to have read and accepted our term and condition.

Python 3