- use Session Tracking capabilities
- By using Cookies. A Cookie is a string (in this case that string is the session ID) which is sent to a client to start a session. If the client wants to continue the session it sends back the Cookie with subsequent requests. This is the most common way to implement session tracking.
- By rewriting URLs. All links and redirections which are created by a Servlet have to be encoded to include the session ID. This is a less elegant solution (both, for Servlet implementors and users) because the session cannot be maintained by requesting a well-known URL oder selecting a URL which was created in a different (or no) session. It also does not allow the use of static pages. All HTML pages which are sent within a session have to be created dynamically.
Our next Servlet manages a virtual shopping cart. Users can add various items to their shopping cart via HTML forms. The shopping cart contents are stored on the server and each user gets his own shopping cart which is selected automatically whenever he makes a request to the Servlet.
In the simplified version that we implement in class
ShoppingCartServlet there are only two kinds of items, named FOO and BAR. By pressing a button in an HTML form a single FOO or BAR item can be put into the shopping cart. There's another button to see the current contents of the shopping cart and a button to order the selected items, thus clearing the shopping cart.The first version of the Servlet, called
ShoppingCartServlet, which works with Cookie-style sessions only, consists of the two standard methods, doGet and doPost:A form with the buttons is created by the Servlet's
doGet method.7: protected void doGet(HttpServletRequest req, HttpServletResponse res) 8: throws ServletException, IOException 9: { 10: res.setContentType("text/html"); 11: PrintWriter out = res.getWriter(); 12: out.print("<HTML><HEAD><TITLE>Online Shop</TITLE>"+ 13: "</HEAD><BODY><FORM METHOD=POST>"+ 14: "<INPUT TYPE=SUBMIT NAME=foo VALUE="+ 15: "\"Put a FOO into the shopping cart\">"+ 16: "<INPUT TYPE=SUBMIT NAME=bar VALUE="+ 17: "\"Put a BAR into the shopping cart\">"+ 18: "<INPUT TYPE=SUBMIT NAME=see VALUE="+ 19: "\"See the shopping cart contents\">"+ 20: "<INPUT TYPE=SUBMIT NAME=buy VALUE="+ 21: "\"Buy the shopping cart contents\">"+ 22: "</FORM></BODY></HTML>"); 23: out.close(); 24: }
- Alternatively, it could also come from a static HTML page.
- The
doPostmethod processes the form data which is sent by a client in response to the form created bydoGet.
26: protected void doPost(HttpServletRequest req, HttpServletResponse res) 27: throws ServletException, IOException 28: { 29: String msg; 30: 31: HttpSession session = req.getSession(true); 32: if(session.isNew()) 33: { 34: session.putValue("foo", new int[] { 0 }); 35: session.putValue("bar", new int[] { 0 }); 36: } 37: 38: int[] foo = (int[])session.getValue("foo"); 39: int[] bar = (int[])session.getValue("bar"); 40: 41: if(req.getParameter("foo") != null) 42: { 43: foo[0]++; 44: msg = "Bought a FOO. You now have "+foo[0]+"."; 45: } 46: else if(req.getParameter("bar") != null) 47: { 48: bar[0]++; 49: msg = "Bought a BAR. You now have "+bar[0]+"."; 50: } 51: else if(req.getParameter("buy") != null) 52: { 53: session.invalidate(); 54: msg = "Your order for "+foo[0]+" FOOs and "+bar[0]+ 55: " BARs has been accepted. Your shopping cart is empty now."; 56: } 57: else 58: { 59: msg = "You have "+foo[0]+" FOOs and "+bar[0]+ 60: " BARs in your shopping cart."; 61: } 62: 63: res.setContentType("text/html"); 64: res.setHeader("pragma", "no-cache"); 65: PrintWriter out = res.getWriter(); 66: out.print("<HTML><HEAD><TITLE>Shopping Cart</TITLE></HEAD><BODY>"); 67: out.print(msg); 68: out.print("<HR><A HREF=\""); 69: out.print(req.getRequestURI()); 70: out.print("\">Back to the shop</A></BODY></HTML>"); 71: out.close(); 72: }
First we get theHttpSessionobject which is associated with the request by callingreq.getSession. The argumenttrueforces the creation of a new session if the request doesn't contain a valid session key.
Note: AlthoughgetSessionis a method ofHttpServletRequestand not ofHttpServletResponseit may modify the response header and therefore needs to be called before aServletOutputStreamorPrintWriteris requested.
If the session is indeed new (determined by callingHttpSession'sisNew()method) we add some custom data to the session: Two counters, one for the FOOs and one for the BARs in the shopping cart. The session object can be used like aDictionary. That means we can only add Objects, not instances of primitive types like int. We could use an instance ofjava.lang.Integerfor each counter, but these objects are immutable which makes incrementing inefficient and difficult to implement. Instead we use an array of int (int[]) with only one element as a mutable wrapper object. The element is initialized to 0.
Next we retrieve the values for "foo" and "bar" from the session, no matter if they were just added or carried over from a previous request.
In theListManagerServletboth buttons had the same name but different values so we could usegetParameterto retrieve the value from the request and then do a string compare to the possible values. This time we use a different approach which can be implemented more efficiently. All buttons have different names and we can find out which button was used to submit the form by checking which name has a non-null value.
A new FOO or BAR item can be put into the shopping cart by simply incrementing the counter in the array. Note that the array does not need to be put back into the session because it has not changed itself, only the contents have been modified.
When the user chooses to buy the contents of the shopping cart we callsession.invalidate()to delete the session on the server side and tell the client to remove the session ID Cookie. The session data is lost and when a new POST request is made to the Servlet, a new session will be created.
The rest of thedoPostmethod is basically the same as in theListManagerServlet.
No comments:
Post a Comment