landon-ritchie
Session Tracking
Problem:
• Identifying and storing personal data
• Shopping cart
Solution:
• Session with ID
[Diagram: login → ID; REQ + ID → RES. IDs shown: JKLMGHNB45kdse43k, JEWTSDTRWE45rrtt, ETWEFDR234ewdw]
Cookies
// makeUniqueString() is a placeholder; its implementation is not shown on the slide.
String sessionID = makeUniqueString();
Cookie sessionCookie = new Cookie("jsession", sessionID);
sessionCookie.setPath("/");
response.addCookie(sessionCookie);
Server: generates a unique ID
Client: manages the cookies
URL Rewriting
http://host/path/index.html;jsession=1234
This method also works with browsers that do not use cookies.
Server:
• Generates a unique ID
• Sets the expiration time
• Links the session information to the request
Client: the URL carries the additional information.
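The server-side steps listed above (unique ID, expiration time, linking the request to its session), as an added example that is not part of the original slides. The class and method names, the 30-minute timeout and the use of SecureRandom for the ID are assumptions; only the `;jsession=` URL form comes from the slide.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
// Added example with hypothetical names; models the server-side steps listed above.
public class UrlSessionDemo {
    static final class Session {
        final Map<String, Object> attributes = new ConcurrentHashMap<>();
        volatile long lastAccessed;
        Session(long now) { lastAccessed = now; }
    }
    static final String PARAM = ";jsession=";                 // parameter name used on the slide
    static final long MAX_INACTIVE_MILLIS = 30 * 60 * 1000L;  // assumed expiration time
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();

    // Unique ID: 128 bits from a CSPRNG, so IDs cannot be guessed or enumerated.
    String create(long now) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(id, new Session(now));
        return id;
    }
    // Extracts the ID from ".../index.html;jsession=<id>", or returns null if absent.
    static String idFromUrl(String url) {
        int start = url.indexOf(PARAM);
        if (start < 0) return null;
        start += PARAM.length();
        int end = start;
        while (end < url.length() && "?#;/".indexOf(url.charAt(end)) < 0) end++;
        return url.substring(start, end);
    }
    // Links a request to its session; unknown or expired IDs get no session.
    Session lookup(String url, long now) {
        String id = idFromUrl(url);
        Session s = (id == null) ? null : sessions.get(id);
        if (s == null) return null;
        if (now - s.lastAccessed > MAX_INACTIVE_MILLIS) { sessions.remove(id); return null; }
        s.lastAccessed = now;
        return s;
    }
    public static void main(String[] args) {
        UrlSessionDemo store = new UrlSessionDemo();
        String url = "http://host/path/index.html" + PARAM + store.create(0L); // constructed
        String guess = "http://host/path/index.html;jsession=1234";            // ID from the slide
        System.out.println("valid ID:   " + (store.lookup(url, 1000L) != null));
        System.out.println("guessed ID: " + (store.lookup(guess, 1000L) != null));
        System.out.println("expired ID: " + (store.lookup(url, 2 * MAX_INACTIVE_MILLIS) != null));
    }
}
```

Because the ID travels in the URL, it also ends up wherever URLs are recorded or shared, which is why the expiration check in `lookup` matters for this tracking method.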
Hidden Form Fields
<INPUT TYPE="HIDDEN" NAME="JSESSIONID" VALUE="1234">
Disadvantage: every page must be generated dynamically.
Server:
• Generates a unique ID
• Sets the expiration time
• Links the session information to the request
HttpSession Object
[Diagram: requests to http://..Session_Tomcat reach the servlet container in the web server. First request: no ID, so a new session with ID kgwx is created, holding name:value pairs. Later requests: ID kgwx, taken from the cookie or the URL.]
Methods of HttpSession
public Object getValue(String name) [2.1]
public Object getAttribute(String name) [2.2]
public void putValue(String name,Object value); [2.1]
public void setAttribute(String name,Object value);[2.2]
public void removeValue(String name); [2.1]
public void removeAttribute(String name);[2.2]
public String[] getValueNames() [2.1]
public Enumeration getAttributeNames() [2.2]
Returns all attributes of a session.
public String getId();
Unique session ID
public boolean isNew();
true if the browser has never seen the session.
public long getCreationTime()
Time in milliseconds since January 1970
public int getMaxInactiveInterval();
public void setMaxInactiveInterval(int seconds)
Maximum period of inactivity that a session should survive.
seconds < 0: the session should always stay active
public void invalidate();
The session is deleted together with all associated objects.
Automatic URL Rewriting
The servlet automatically switches to URL rewriting if cookies are not allowed.
For local links:
String originalURL = someRelativeorAbsoluteURL;
String encodedURL = response.encodeURL(originalURL);
out.println("<A HREF=\"" + encodedURL + "\"> ….</A>");
Session
package session;

import java.io.*;
import java.text.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class Session_Tomcat extends HttpServlet {

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        response.setContentType("text/html");

        PrintWriter out = response.getWriter();
        out.println("<html><body bgcolor=\"white\"><head>");
        String title = "Praxis der Internet Programmierung";
        out.println("<title>" + title + "</title></head><body>");
        out.println("<h3>" + title + "</h3>");

        // Returns the existing session, or creates one on the first request.
        HttpSession session = request.getSession();
        out.println("SessionId " + session.getId());
        out.println("<br>Erzeugungszeit: ");
        out.println(new Date(session.getCreationTime()) + "<br>");
        out.println("Letztmals benutzt: ");
        out.println(new Date(session.getLastAccessedTime()));

        // dataName and dataValue are request parameters; they are stored in the
        // session and written to the page below without HTML escaping.
        String dataName = request.getParameter("dataname");
        String dataValue = request.getParameter("datavalue");
        if (dataName != null && dataValue != null) {
            session.setAttribute(dataName, dataValue);
        }
        out.println("<P>Session Data <br>");
        Enumeration names = session.getAttributeNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            String value = session.getAttribute(name).toString();
            out.println(name + " = " + value + "<br>");
        }

        // encodeURL() appends the session ID to the URL when cookies are not available.
        out.print("<P><form action=\"");
        out.print(response.encodeURL("Session_Tomcat"));
        out.print("\" ");
        out.println("method=POST>");
        out.println("Name: <input type=text size=20 name=dataname>");
        out.println("<br>Wert:");
        out.println("<input type=text size=20 name=datavalue>");
        out.println("<br><input type=submit>");
        out.println("</form>");

        out.println("<P>GET based form:<br>");
        out.print("<form action=\"");
        out.print(response.encodeURL("Session_Tomcat"));
        out.print("\" ");
        out.println("method=GET>");
        out.println("Name:<input type=text size=20 name=dataname>");
        out.println("<br>Wert:");
        out.println("<input type=text size=20 name=datavalue>");
        out.println("<br><input type=submit>");
        out.println("</form>");

        out.print("<p><a href=\"");
        out.print(response.encodeURL("Session_Tomcat?dataname=foo&datavalue=bar"));
        out.println("\" >URL encoded </a>");
        out.println("</body></html>");
    }

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        doGet(request, response);
    }
}
Lab exercise
Simple shopping cart:
1. Store last name, first name and password in the session
2. Add items
3. View the shopping cart
4. Remove items
Shopping cart system: catalog
public abstract class CatalogPage extends HttpServlet {
    private Item[] items;
    private String[] itemIDs;
    private String title;

    /** cut some lines **/

    public void doGet(HttpServletRequest request,
                      HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html");
        if (items == null) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND,
                               "Missing Items.");
            return;
        }
        PrintWriter out = response.getWriter();
        out.println(ServletUtilities.headWithTitle(title) +
                    "<BODY BGCOLOR=\"#FDF5E6\">\n" +
                    "<H1 ALIGN=\"CENTER\">" + title + "</H1>");
        Item item;
        for(int i=0; i<items.length; i++) {
            out.println("<HR>");
            item = items[i];
            if (item == null) {
                out.println("<FONT COLOR=\"RED\">" +
                            "Unknown item ID " + itemIDs[i] +
                            "</FONT>");
            } else {
                out.println();
                String formURL = "/servlet/onlinestore.OrderPage";
                formURL = response.encodeURL(formURL);
                out.println
                    ("<FORM ACTION=\"" + formURL + "\">\n" +
                     "<INPUT TYPE=\"HIDDEN\" NAME=\"itemID\" " +
                     " VALUE=\"" + item.getItemID() + "\">\n" +
                     "<H2>" + item.getShortDescription() +
                     " ($" + item.getCost() + ")</H2>\n" +
                     item.getLongDescription() + "\n" +
                     "<P>\n<CENTER>\n" +
                     "<INPUT TYPE=\"SUBMIT\" " +
                     "VALUE=\"Add to Shopping Cart\">\n" +
                     "</CENTER>\n<P>\n</FORM>"); ….
Shopping cart system: orders
        HttpSession session = request.getSession(true);
        ShoppingCart cart;
        synchronized(session) {
            // getValue/putValue are the Servlet 2.1 names of getAttribute/setAttribute.
            cart = (ShoppingCart)session.getValue("shoppingCart");
            // New visitors get a fresh shopping cart.
            // Previous visitors keep using their existing cart.
            if (cart == null) {
                cart = new ShoppingCart();
                session.putValue("shoppingCart", cart);
            }
            String itemID = request.getParameter("itemID");
            if (itemID != null) {
                String numItemsString =
                    request.getParameter("numItems");
                if (numItemsString == null) {
                    // If request specified an ID but no number, then customers
                    // came here via an "Add Item to Cart" button on a catalog page.
                    cart.addItem(itemID);
                } else {
                    // If request specified an ID and number, then
                    // customers came here via an "Update Order" button
                    // after changing the number of items in order.
                    // Note that specifying a number of 0 results
                    // in item being deleted from cart.
                    int numItems;
                    try {
                        numItems = Integer.parseInt(numItemsString);
                    } catch(NumberFormatException nfe) {
                        numItems = 1;
                    }
                    cart.setNumOrdered(itemID, numItems);
                }
            }
        }
        // Whether or not the customer changed the order, show order status.
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        String title = "Status of Your Order";
        out.println(ServletUtilities.headWithTitle(title) +
                    "<BODY BGCOLOR=\"#FDF5E6\">\n" +
                    "<H1 ALIGN=\"CENTER\">" + title + "</H1>");
        synchronized(session) {
            Vector itemsOrdered = cart.getItemsOrdered();
            if (itemsOrdered.size() == 0) {
                out.println("<H2><I>No items in your cart...</I></H2>");
            } else {
                // If there is at least one item in cart, show table
                // of items ordered.
                out.println
                    ("<TABLE BORDER=1 ALIGN=\"CENTER\">\n" +
                     "<TR BGCOLOR=\"#FFAD00\">\n" +
                     " <TH>Item ID<TH>Description\n" +
                     " <TH>Unit Cost<TH>Number<TH>Total Cost");
                ItemOrder order;
                NumberFormat formatter = NumberFormat.getCurrencyInstance();
                String formURL = "/servlet/onlinestore.OrderPage";
                formURL = response.encodeURL(formURL);
                for(int i=0; i<itemsOrdered.size(); i++) {
                    order = (ItemOrder)itemsOrdered.elementAt(i);
                    out.println
                        ("<TR>\n" +
                         " <TD>" + order.getItemID() + "\n" +
                         " <TD>" + order.getShortDescription() + "\n" +
                         " <TD>" +
                         formatter.format(order.getUnitCost()) + "\n" +
                         " <TD>" +
                         "<FORM ACTION=\"" + formURL + "\">\n" +
                         "<INPUT TYPE=\"HIDDEN\" NAME=\"itemID\"\n" +
                         " VALUE=\"" + order.getItemID() + "\">\n" +
                         "<INPUT TYPE=\"TEXT\" NAME=\"numItems\"\n" +
                         " SIZE=3 VALUE=\"" +
                         order.getNumItems() + "\">\n" +
                         "<SMALL>\n" +
                         "<INPUT TYPE=\"SUBMIT\"\n "+
                         " VALUE=\"Update Order\">\n" +
                         "</SMALL>\n" +
                         "</FORM>\n" +
                         " <TD>" +
                         formatter.format(order.getTotalCost()));
                }
                String checkoutURL =
                    response.encodeURL("/servlet/onlinestore.Checkout");
                // "Proceed to Checkout" button below table
                out.println
                    ("</TABLE>\n" +
                     "<FORM ACTION=\"" + checkoutURL + "\">\n" +
                     "<BIG><CENTER>\n" +
                     "<INPUT TYPE=\"SUBMIT\"\n" +
                     " VALUE=\"Proceed to Checkout\">\n" +
                     "</CENTER></BIG></FORM>");
            }
            out.println("</BODY></HTML>");
        } // synchronized
    }