HTTP Session: Difference between revisions
Revision as of 23:07, 31 May 2016
Internal
Overview
HTTP is a stateless protocol: it does not directly support maintaining conversational state on the server, and it provides no built-in way for a server to recognize that a sequence of requests originates from the same user. Since CGI, developers have used various techniques to track sessions: user authentication, hidden form fields, URL rewriting and persistent cookies. The servlet API improves on this. Its session tracking support is built on top of the traditional techniques and simplifies session tracking in your servlets.
Example
- A HTTP Session Servlet https://github.com/NovaOrdis/playground/tree/master/jee/servlet/session-servlet
Methods to Maintain a HTTP Session
Servlet Session Tracking API
Session Implementation Details
Browser/Server Conversation on Session Establishment
The first HTTP response that initiates the session and plants the cookie on the browser:
    HTTP/1.x 200 OK
    Date: Thu, 22 Oct 2009 14:17:28 GMT
    Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 a/journals/zihuatanejo.html$ mod_jk/1.2.26
    X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
    Set-Cookie: JSESSIONID=71867A63768B13C9B58E623401BE7C57.tastcomapp01; Path=/
    Cache-Control: no-cache
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Transfer-Encoding: chunked
    Content-Type: text/html;charset=UTF-8
In the example above, the session cookie is JSESSIONID and the session ID is 71867A63768B13C9B58E623401BE7C57.tastcomapp01.
Subsequent HTTP requests carry the session ID in the Cookie header:
    GET /thirdpartyheaderarray HTTP/1.1
    Host: 10.58.128.48
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
    Accept: */*
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: keep-alive
    Referer: http://10.58.128.48/
    Cookie: JSESSIONID=71867A63768B13C9B58E623401BE7C57.tastcomapp01
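The session-establishing response above sets JSESSIONID with only `Path=/`. The following check is an added example, not code from this page or its linked project: it parses that captured response, reports which protective cookie attributes are absent, and lists the headers that advertise software versions. The function names and the `HARDENED` response are constructed for illustration, and reading the suffix after the dot as Tomcat's jvmRoute is background knowledge, not something the page states.

```python
# Added example: audit the session cookie set by a captured HTTP response.
# RESPONSE is the capture shown on this page; all function names are hypothetical.
RESPONSE = """\
HTTP/1.x 200 OK
Date: Thu, 22 Oct 2009 14:17:28 GMT
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 a/journals/zihuatanejo.html$ mod_jk/1.2.26
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: JSESSIONID=71867A63768B13C9B58E623401BE7C57.tastcomapp01; Path=/
Cache-Control: no-cache
Content-Type: text/html;charset=UTF-8
"""
# Constructed response showing the same cookie with the protective attributes set.
HARDENED = "HTTP/1.1 200 OK\nSet-Cookie: JSESSIONID=ABC123.node1; Path=/; Secure; HttpOnly; SameSite=Lax\n"

def parse_headers(raw):
    """Return lower-cased (name, value) pairs, skipping the status line."""
    pairs = []
    for line in raw.splitlines()[1:]:
        if not line.strip():
            break  # a blank line ends the header section
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit_session_cookie(raw, cookie_name="JSESSIONID"):
    """Locate the session cookie and list the protective attributes it lacks."""
    for name, value in parse_headers(raw):
        if name != "set-cookie":
            continue
        first, *attrs = [part.strip() for part in value.split(";")]
        key, _, session_id = first.partition("=")
        if key != cookie_name:
            continue
        present = {a.partition("=")[0].lower() for a in attrs}
        missing = [f for f in ("secure", "httponly", "samesite") if f not in present]
        # Tomcat appends ".<jvmRoute>" for mod_jk sticky routing; it names the backend node.
        sid, _, route = session_id.partition(".")
        return {"id": sid, "route": route, "missing": missing}
    return None

def disclosed_versions(raw):
    """Names of headers that advertise server software and versions."""
    return [n for n, _ in parse_headers(raw) if n in ("server", "x-powered-by")]

if __name__ == "__main__":
    print(audit_session_cookie(RESPONSE), disclosed_versions(RESPONSE))
```

Without `HttpOnly` the cookie is readable from page script, and without `Secure` the browser also sends it over plain HTTP, as in the captured request to `http://10.58.128.48/`.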