
Thursday, June 28, 2012

Session Tracking

What is a Session?

A session is nothing but the time for which a client is recognizable to the web application.
The session starts when a client first makes a request for some web resource by providing some information about itself, and it ends when the serving web application loses its information about the client.
For example: when you click the login button after providing a valid email ID and password on the Gmail login screen, your session starts, because from that time onward Google can recognize you until you log out.

In this post you will learn why session tracking is required and the various mechanisms used to achieve it.

What is Session Tracking?

Session tracking is a mechanism for tracking the data a client provides and making it available to the next request from the same client. This process continues until the user chooses to log out or terminate the session.

Why do we need Session Tracking?

We are all familiar with the Hypertext Transfer Protocol (HTTP), because it is totally unavoidable.
The must-know characteristic of HTTP is its stateless nature.
Stateless means it can't sustain a relationship with its clients. HTTP sends a response back to a client, then simply forgets about that exchange and goes on to serve the next request.

Stateless nature of the HTTP protocol
If our requirement is limited to static content, HTTP is very effective because it is faster than any other protocol. But what do you do if you want to be recognized by the application you are using on the web?
Suppose you want to reserve air tickets and you are on the website of Kingfisher Airlines. How would you feel if they asked you for your account information and then showed you a welcome note? Obviously you would feel good to be welcomed.
But what happens if they forget about you on the next request and again ask you to provide your account information? Anybody would lose patience at that point; this is also obvious.
So the conclusion is that we need to maintain client data to design effective dynamic applications.




Session tracking mechanisms:

1. Hidden Form Fields.
2. Cookies.
3. URL rewriting.
4. HttpSession interface.

Hidden Form Fields Mechanism: as we know, HTML forms are used to accept input from the client or end user.
Form fields are of three types: regular, password and hidden.
We can define them like this:
<input type="text" name="<any name>" value="<default value>"/>
<input type="password" name="<any name>" value="<default value>"/>
<input type="hidden" name="<any name>" value="<value of field>"/>
The last one, with type="hidden", is not displayed by the browser when it renders the response. So hidden form fields are an effective tool for embedding information about the client inside HTML forms without displaying it to the end user.
The wonderful quality of hidden fields is that they are automatically sent with the request, along with the other fields, when the user clicks the submit button.

Example:
Here is an example of a simple servlet-based application that uses hidden form fields to maintain client data.


Bank account refilling application

In the above sample application flow diagram, the user first sees a login form:
<form action="Authorization" method="post">
<input type="text" name="userid"/>
<input type="password" name="upasswd"/>
<input type="submit" value="login"/>
</form>

User name:
Password:


When the user clicks login, control goes to the Authorization servlet, which accesses the database to match the input data. If the data provided by the user is valid, it produces a dynamic HTML form like this:
<form action="refill" method="post">
<!-- The hidden field needs a name to be submitted; its value is filled in on the server (shown here as a JSP expression) -->
<input type="hidden" name="userid" value="<%= request.getParameter("userid") %>"/>
<input type="text" name="bank"/>
<input type="text" name="amount"/>
<input type="submit"/>
</form>

Bank name:
Amount to be Filled:

When the user clicks the refill button, control automatically goes to the refill servlet, which then communicates with the database to refill the account of the client whose user ID is embedded in the hidden form field.

So now I think it is clear to you how information is shared between multiple requests using hidden form fields.

Now it is time to discuss some drawbacks of the hidden form fields mechanism.

Drawbacks:
1. It is not supported by hyperlinks: if control is transferred by means of a form submission it is OK, but if the user clicks on an anchor tag, all the information in the hidden fields is simply lost.
2. We can't track sensitive data like passwords in hidden form fields, because even an average technical person can view the HTML source of the pages retrieved from the server and take out passwords very easily.
3. It is useful only if the forms are generated by server-side scripts; hidden fields are of no use in session tracking if the forms are static.
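
The refill servlet in the example above gets the userid back from the browser as ordinary request data, so it cannot assume the value is the one the Authorization servlet wrote. The following Java code is an added example, not part of the original post: it signs the hidden field value with an HMAC and an expiry time so the receiving servlet can reject an altered or stale value. The class name SignedHiddenField, the methods issue and verify, and the key are hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class SignedHiddenField {
    // Assumption: server-side secret, never sent to the browser (constructed sample value).
    private static final byte[] KEY = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);

    static String hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        byte[] tag = mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    // Value the Authorization servlet would write into the hidden field: userid.expiry.tag
    static String issue(String userid, long expiresAtMillis) throws Exception {
        String payload = userid + "." + expiresAtMillis;
        return payload + "." + hmac(payload);
    }

    // Check the refill servlet would run; returns the userid, or null if forged or expired.
    static String verify(String field, long nowMillis) throws Exception {
        int tagAt = (field == null) ? -1 : field.lastIndexOf('.');
        if (tagAt < 0) return null;
        String payload = field.substring(0, tagAt);
        byte[] expected = hmac(payload).getBytes(StandardCharsets.UTF_8);
        byte[] supplied = field.substring(tagAt + 1).getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison; nothing in the payload is trusted before this passes.
        if (!MessageDigest.isEqual(expected, supplied)) return null;
        int expAt = payload.lastIndexOf('.');   // present because issue() wrote it
        long expires = Long.parseLong(payload.substring(expAt + 1));
        return nowMillis > expires ? null : payload.substring(0, expAt);
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis();
        String field = issue("alice", now + 10 * 60_000L); // constructed sample user
        System.out.println("hidden field value: " + field);
        System.out.println("intact   -> " + verify(field, now));
        System.out.println("tampered -> " + verify(field.replace("alice", "bob"), now));
        System.out.println("expired  -> " + verify(field, now + 11 * 60_000L));
    }
}
```

The tag makes the value tamper-evident, not secret: the userid is still visible in the page source, so drawback 2 still applies.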


The alternatives to the hidden form fields mechanism are:

Cookies

URL rewriting

HttpSession interface
