As we know that the Http is a stateless
protocol, means that it can't persist the information. It always treats each
request as a new request. In Http client makes a connection to the server, sends
the request., gets the response, and closes the connection.
In session management client first make a request for
any servlet or any page, the container receives the request and generate a
unique session ID and gives it back to the client along with the response. This
ID gets stores on the client machine. Thereafter when the client request again
sends a request to the server then it also sends the session Id with the
request. There the container sees the Id and sends back the request.
Session Tracking can be done in three ways:
- Hidden Form Fields: This is one of the way to
support the session tracking. As we know by the name, that in this fields
are added to an HTML form which are not displayed in the client's request.
The hidden form field are sent back to the server when the form is
submitted. In hidden form fields the html entry
will be like this : <input type ="hidden" name =
"name" value="">. This means that when you submit the
form, the specified name and value will be get included in get or post
method. In this session ID information would be embedded within the form as
a hidden field and submitted with the Http POST command.
- URL Rewriting: This is another way to support
the session tracking. URLRewriting can
the session. Whenever the browser sends a request then it is always
interpreted as a new request because http protocol is a stateless protocol
as it is not persistent. Whenever we want that out request object to stay
alive till we decide to end the request object then, there we use the
concept of session tracking. In session tracking firstly a session object is
created when the first request goes to the server. Then server creates a
token which will be used to maintain the session. The token is transmitted
to the client by the response object and gets stored on the client machine.
By default the server creates a cookie and the cookie get stored on the
- Cookies: When cookie based session management
is used, a token is generated which contains user's information, is sent to
the browser by the server. The cookie is sent back to the server when the
user sends a new request. By this cookie, the server is able to identify the
user. In this way the session is maintained. Cookie is nothing but a name-
value pair, which is stored on the client machine. By default the cookie is
implemented in most of the browsers. If we want then we can also disable the
cookie. For security reasons, cookie based session management uses two types