HTTP
is “stateless” protocol, because of that it’s doesn’t keep any track record of
previous client request there for every request client opens a new connection
to the web server. But for identify the clients we have to use HTTP sessions.
Create
HTTP Session
protected void doPost(HttpServletRequest
request,
HttpServletResponse response)
throws ServletException, IOException
{
HttpSession session =
request.getSession ();
}
Store the values in Session Object
session.setAttribute("useridKey",
"userIdvalue");
Read the session value
String userName = (String) session.getAttribute("useridKey");
***Values of session objects are stored in a servlet container memory
Sessions in Cluster
If web application runs on cluster (2 or more nodes),
keep it mind the session will be create in only one server memory. For this
problem have few solutions and also they have their own draw backs as well.
- Save the session data in a DB. (Cause huge performance decrease)
- Instructed to load balancer to use sticky sessions, for the particular session all the interaction will happen with the same physical server, even though other servers are present. (if that server goes down?, session will be lost L L)
- Sync up the session, session get replicated in all other nodes in the cluster.(additional overhead for sync up)
HTTP Cookies
HTTP cookies are small files (size<4KB; according to
http protocol) that create by web browser. Web server can only access cookies
which are set to their own domain. There is limited numbers of cookies for one domain.
This number may differ per browser. You can refer additional from here http://browsercookielimits.squawky.net but
general limit is 20 per domain and total 300 maximum cookies can have for one client’s
hard
drive. Again it’s differ based on the browser. When exceed the limit of
cookies older cookies delete before create the new one.
Cookies have an expiration
date. This date is set so the browser can delete old cookies when they are no
longer in use. If the date is not set cookies will be delete when the browser
is closed.
Snippet part of the http response
Set-Cookie: Name=content data;
expires=Sun, 31-June-2015 23:59:59 GMT; path=/; domain=.example.net
Set-Cookie:
let browser know server like to create cookie in the client hard drive
Name:
name of of the cookie (eg-: userId=content data)
content
data: the data which can be store in the cookie(eg:-userId=003)
expires:
expire date of cookie
path: the
path of the domain to which the cookie is sent. This means that, if the path is set to '/login/,' and the domain
is set to 'mysite.com,' the cookie will only be sent to the server if the
browser requests a file from 'mysite.com/login/'. If the path is set to '/',
the cookie will be sent to the server regardless of the location of the
requested file on the server.
Write Cookie and add it to an HttpServletResponse
Cookie cookie = new Cookie("myCookie",
"myCookieValue");
response.addCookie(cookie);
Read the cookies
Cookie[] cookies = request.getCookies();
** getCookies() may return null
Set cookie expire
Cookie cookie = new Cookie("myCookie",
"myCookieValue");
cookie.setMaxAge(24 * 60 * 60); // 24 hr
response.addCookie(cookie);
Remove cookies
Cookie cookie = new Cookie("myCookie",
"myCookieValue");
cookie.setMaxAge(0);
response.addCookie(cookie);
very informative and impressive article. Thanks for sharing with us
ReplyDeleteLinux Cloud Hosting