HTTP Session: Difference between revisions

From NovaOrdis Knowledge Base
 
(14 intermediate revisions by the same user not shown)
Line 1: Line 1:
=External=
* How can I disable session creation for RESTEasy application? https://access.redhat.com/solutions/1290373
=Internal=
=Internal=


Line 8: Line 12:
HTTP is a stateless protocol and maintaining a conversational state of the server is not directly supported by the protocol. HTTP provides no build-in way for a server to recognize that a sequence of requests originate from the same user. Since CGI, developers have been using various techinques to track the session: user authentication, hidden form fields, URL rewriting and persistent cookies. The servlet API brings improved support for session tracking. The support is built in top of the traditional techniques and it simplifies the task of session tracking in your servlets.
HTTP is a stateless protocol and maintaining a conversational state of the server is not directly supported by the protocol. HTTP provides no build-in way for a server to recognize that a sequence of requests originate from the same user. Since CGI, developers have been using various techinques to track the session: user authentication, hidden form fields, URL rewriting and persistent cookies. The servlet API brings improved support for session tracking. The support is built in top of the traditional techniques and it simplifies the task of session tracking in your servlets.


=Example=
=Subjects=


<blockquote style="background-color: AliceBlue; border: solid thin LightSteelBlue;">
* [[Methods to Maintain a HTTP Session]]
:A HTTP Session Servlet https://github.com/NovaOrdis/playground/tree/master/jee/servlet/session-servlet
* [[Servlet Session Tracking API]]
</blockquote>
* [[HTTP Session Timeout]]
* [[HTTP Session Replication]]
* [[HTTP Session Passivation]]
* [[JBossWeb/Tomcat HTTP Session Implementation Details]]
* [[JBoss HTTP Session Troubleshooting]]
* [[Curl#Simulation_of_a_HTTP_Session_JSessionID|Simulation of a HTTP Session with curl]]


=Methods to Maintain a HTTP Session=
=Example=
 
<blockquote style="background-color: #f9f9f9; border: solid thin lightgrey;">
:[[Methods to Maintain a HTTP Session]]
</blockquote>
 
=Servlet Session Tracking API=
 
<blockquote style="background-color: #f9f9f9; border: solid thin lightgrey;">
:[[Servlet Session Tracking API]]
</blockquote>
 
=Session Implementation Details=
 
<blockquote style="background-color: #f9f9f9; border: solid thin lightgrey;">
:[[JBossWeb/Tomcat HTTP Session Implementation Details]]
</blockquote>
 
=Browser/Server Conversation on Session Establishment=
 
The first HTTP response that initiates the session and plants the cookie on the browser:
 
<pre>
HTTP/1.x 200 OK
Date: Thu, 22 Oct 2009 14:17:28 GMT
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 a/journals/zihuatanejo.html$ mod_jk/1.2.26
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: JSESSIONID=71867A63768B13C9B58E623401BE7C57.tastcomapp01; Path=/
Cache-Control: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html;charset=UTF-8
</pre>
 
In the example above, the session cookie is JSESSIONID and the session ID is 71867A63768B13C9B58E623401BE7C57.tastcomapp01.
 
Subsequent HTTP requests include the session id as a header:


<pre>
{{Internal|Session Servlet Example|Session Servlet Example}}
GET /thirdpartyheaderarray HTTP/1.1
Host: 10.58.128.48
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://10.58.128.48/
Cookie: JSESSIONID=71867A63768B13C9B58E623401BE7C57.tastcomapp01
</pre>
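Review bot: The captured response in the "Browser/Server Conversation on Session Establishment" part of this hunk sets `JSESSIONID` with only `Path=/`, with no `Secure` or `HttpOnly` attribute, and the text around it does not say so. The follow-up request also shows an `http://` Referer. Wherever this capture is kept as the reference example, add a sentence stating that a cookie set this way is readable by page script and is sent over plain HTTP. Also reword "include the session id as a header" to say that the ID travels in the `Cookie` request header. The capture also publishes what looks like a real session ID, a node suffix (`.tastcomapp01`) and an internal address (`10.58.128.48`), so replace them with labelled placeholders. The overview paragraph in the same hunk still reads "build-in", "techinques" and "built in top of"; correct these to "built-in", "techniques" and "built on top of".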

Latest revision as of 20:37, 7 February 2018

External

Internal

Overview

HTTP is a stateless protocol, and maintaining conversational state on the server is not directly supported by the protocol. HTTP provides no built-in way for a server to recognize that a sequence of requests originates from the same user. Since CGI, developers have been using various techniques to track the session: user authentication, hidden form fields, URL rewriting and persistent cookies. The servlet API brings improved support for session tracking. The support is built on top of the traditional techniques and it simplifies the task of session tracking in your servlets.

Subjects

Example

Session Servlet Example