Session tracking is essential in web development to maintain user state and data as they navigate across different pages of a web application. JSP (JavaServer Pages) provides various mechanisms to implement session tracking, allowing web applications to associate requests with specific users and retain user data across multiple HTTP requests, which are stateless by nature.
JSP Session Tracking Mechanisms
JSP supports multiple methods for session tracking, including:
- Cookies: A small piece of data stored on the client side by the browser. The server sends a cookie to the client, which is included in future requests from the client. Cookies are commonly used for session tracking as they can persist information even after the user closes the browser.
- URL Rewriting: Involves appending session information directly to the URL. This method is useful when the client has disabled cookies. The JSP session ID can be added to the URL using the
response.encodeURL() method. - Hidden Form Fields: Form elements that are not visible to the user but carry session data from one request to another. These fields can be included in HTML forms and are used to pass session information when submitting forms.
Project Implementation of Session Tracking in JSP
We will create a JSP project for session tracking. This example will demonstrate a simple login system where the user's session is tracked across multiple pages.
Step 1: Create the Dynamic Web Project
Create a new Dynamic Web Project using Eclipse. After creating the project, the file structure should look like the following:
Step 2: Create the LoginServlet Class
File: LoginServlet.java:
Java
package com.example;
import java.io.IOException;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
public class LoginServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* Handles POST requests for user login.
*
* @param request HttpServletRequest object containing request details
* @param response HttpServletResponse object to send response
* @throws ServletException If an error occurs during request processing
* @throws IOException If an I/O error occurs
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
if ("admin".equals(username) && "password".equals(password)) {
HttpSession session = request.getSession();
session.setAttribute("username", username);
response.sendRedirect("dashboard");
} else {
response.sendRedirect("login.jsp");
}
}
}
This servlet handles login requests. If the username and password match "admin" and "password," it creates a session and redirects to the dashboard. Otherwise, it redirects back to the login page.
Step 3: Create the DashboardServlet Class
File: DashboardServlet.java:
Java
package com.example;
import java.io.IOException;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
public class DashboardServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* Handles GET requests to the dashboard page.
*
* @param request HttpServletRequest object containing request details
* @param response HttpServletResponse object to send response
* @throws ServletException If an error occurs during request processing
* @throws IOException If an I/O error occurs
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
HttpSession session = request.getSession(false);
if (session == null || session.getAttribute("username") == null) {
response.sendRedirect("login.jsp");
} else {
request.getRequestDispatcher("dashboard.jsp").forward(request, response);
}
}
}
This servlet handles requests to the dashboard page. It checks if a session exists and if the username is set. If not, it redirects to the login page; otherwise, it forwards the request to the dashboard page.
Step 4: Create the LogoutServlet Class
File: LogoutServlet.java:
Java
package com.example;
import java.io.IOException;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
public class LogoutServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* Handles POST requests to log out the user.
*
* @param request HttpServletRequest object containing request details
* @param response HttpServletResponse object to send response
* @throws ServletException If an error occurs during request processing
* @throws IOException If an I/O error occurs
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
HttpSession session = request.getSession(false);
if (session != null) {
session.invalidate();
}
response.sendRedirect("logout.jsp");
}
}
This servlet handles logout requests. It invalidates the session and redirects to the logout page.
Step 5: Create the Login Page
File: login.jsp:
HTML
<%@ page language="java" contentType="text/html; charset=UTF-8" %>
<html>
<head>
<title>Login</title>
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<div class="container">
<h2>Login</h2>
<form action="login" method="post">
<input type="text" name="username" placeholder="Enter Username" required>
<input type="password" name="password" placeholder="Enter Password" required>
<input type="submit" value="Login"> <!-- Button text is "Login" -->
</form>
</div>
</body>
</html>
This JSP page provides a form for users to enter their username and password. The form submits a POST request to the LoginServlet.
Step 6: Create the Dashboard Page
File: dashboard.jsp:
HTML
<%@ page language="java" contentType="text/html; charset=UTF-8" %>
<%@ page session="true" %>
<%
String username = (String) session.getAttribute("username");
if (username == null) {
response.sendRedirect("login.jsp");
return;
}
%>
<html>
<head>
<title>Dashboard</title>
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<div class="container">
<h2>Welcome, <%= username %>!</h2>
<p>This is your dashboard.</p>
<form action="logout" method="post">
<input type="submit" value="Logout">
</form>
</div>
</body>
</html>
This JSP page displays a welcome message to the logged-in user. If the session is invalid or the username is not set, it redirects to the login page. Otherwise, it shows the dashboard and provides a logout button.
Step 7: Create the Logout Page
File: logout.jsp:
HTML
<%@ page language="java" contentType="text/html; charset=UTF-8" %>
<html>
<head>
<title>Logout</title>
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<div class="container">
<h2>You have successfully logged out.</h2>
<a href="login.jsp">Login again</a>
</div>
</body>
</html>
This JSP page informs the user that they have successfully logged out and provides a link to log in again.
Step 8: Create the StyleSheet
File: style.css:
CSS
body {
background-color: #f0f8f7;
font-family: Arial, sans-serif;
}
.container {
width: 30%;
margin: 100px auto;
background-color: #d8f3dc;
border-radius: 10px;
padding: 20px;
box-shadow: 0px 0px 10px #333;
}
h2 {
color: #40916c;
text-align: center;
}
input[type="text"], input[type="password"], input[type="submit"] {
width: 100%;
padding: 10px;
margin: 10px 0;
border: 1px solid #ddd;
border-radius: 5px;
}
input[type="submit"] {
background-color: #40916c;
color: #fff;
border: none;
}
This CSS file styles the JSP pages. It includes styling for the background, container, headers, and form elements.
Step 9: Configure the web.xml
File: web.xml:
XML
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="https://jakarta.ee/xml/ns/jakartaee" xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_6_0.xsd" id="WebApp_ID" version="6.0">
<display-name>SessionTrackingExample</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.jsp</welcome-file>
<welcome-file>default.htm</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>com.example.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/login</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>DashboardServlet</servlet-name>
<servlet-class>com.example.DashboardServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>DashboardServlet</servlet-name>
<url-pattern>/dashboard</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>LogoutServlet</servlet-name>
<servlet-class>com.example.LogoutServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LogoutServlet</servlet-name>
<url-pattern>/logout</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>30</session-timeout> <!-- Timeout in minutes -->
</session-config>
</web-app>
This configuration file maps the servlets to their respective URL patterns. It tells the server which servlet to use for each URL pattern.
Step 10: Run the Project
Output:
1. Login Page:
2. Dashboard:
3. Logout page:
Advantages of JSP Session Tracking
- Maintains User State Across Requests HTTP is a stateless protocol, meaning each request is independent. Session tracking allows for maintaining user state across multiple HTTP requests, making it possible to store and retrieve user data (such as login credentials and preferences) during the session.
- Simplified User Experience Session tracking enables a smoother user experience by preserving user interactions and choices across pages. For example, it can maintain the contents of a shopping cart on e-commerce websites, keep form data in multi-step forms, or retain login status.
- Scalable and Efficient JSP provides multiple session tracking methods, which can be optimized based on project needs:
- Cookies: Stored on the client’s browser, cookies do not increase server load.
- URL Rewriting and Hidden Fields: Useful when cookies are disabled, offering flexibility in maintaining session state.
- Easy Session Management The
HttpSession API in JSP makes it easy to create, store, retrieve, and invalidate session data, reducing the complexity of state management in web applications. Sessions can also be customized to expire after a certain period of inactivity, enhancing security and resource management. - Security Mechanisms Session tracking helps implement security mechanisms, such as login authentication, by maintaining the session of authenticated users across multiple pages. It also allows for session timeouts, which enhance security.
- Robust Error Handling JSP’s session management can be configured to handle session failures gracefully, ensuring the application does not crash when a session is invalid or expires. It can redirect users to the login page or prompt them to reauthenticate.
Conclusion
In this example, we demonstrated how to implement session tracking using JSP and servlets. We created a login system where users can log in, access a dashboard, and log out. Each code file includes comments explaining its purpose and functionality. This setup helps maintain user sessions and ensures that users can interact with the web application as intended.
Similar Reads
Servlet - Session Tracking Servlets are the Java programs that run on the Java-enabled web server or application server. They are used to handle the request obtained from the webserver, process the request, produce the response, then send a response back to the webserver HTTP is a "stateless" protocol, which means that each t
6 min read
PHP | Unset Session Variable Whenever data are stored using cookies, there is a possibility of a hacker to insert some harmful data in the user's computer to harm any application. So its always advisable to use PHP sessions to store information on the server than on a computer. Whenever data is needed across many pages of a web
3 min read
Spring Boot - Session Management Session management in Spring Boot is a critical aspect of web application development, especially when it comes to maintaining user state across multiple requests. HTTP is a stateless protocol, meaning each request from a client to the server is independent of any previous requests. To overcome this
6 min read
JSP - Form Processing In JavaServer Pages, Form processing is the fundamental aspect of web development, and it can allow users to interact with websites by submitting data. It can handle form submissions involving extracting the data from the HTTP requests and generating the appropriate responses. Form Processing in JSP
8 min read
JSP - Server Response In JavaServer Pages development, the server response refers to the data sent back to the client from the server after receiving and processing the client request, and the server response typically includes the dynamically generated by the HTML, XML, JSON, or other based on the JSP file logic and dat
6 min read
How to Use Session Variables with NodeJS? When building web applications with NodeJS, managing session data becomes an important task, especially for things like user authentication, shopping carts, or temporary data storage. In this article, we will explore how to use session variables in NodeJS.What are Session Variables?Session variables
5 min read