CHAPTER 8: HANDLING SESSIONS AND COOKIES
• Understanding Sessions
• Using URL Variables to Maintain Sessions
• Using Cookies to Maintain Sessions
State management is a very important concept for many web sites. If a web site is to allow
a user to log in to the system and present pages customized to that user, state management
must be used. State management allows the web server to remember things from one page
request to the next.
Consider the example of a user logging onto a system. Once the user has logged onto
the system, the system must remember who is logged on. This is called state. Rather than
just sending web pages blindly, the web server now knows who the pages are going to. This
allows the web server to customize these pages for each user, or perhaps block access to the
pages depending on the user.
Accessing such a site programmatically requires extra consideration. The program
must first log in to the web site and establish state. To support such a site, a program
must be designed to implement state in the way that the target web site expects. There are
several ways that web sites implement state; however, most sites fall into one of two categories:
• State through URL Variables
• State through Cookies
Both methods are very common. This chapter will cover both methods and provide a
recipe for each.
URL Variables for State
A very simple way to maintain state is to use the URL line. By placing a variable on the
URL that always holds the current state, you can identify who is logged on. It is considered
a bad idea to just place the user name on the URL line. So you will not likely see a URL like
the following:
http://www.httprecipes.com/1/test.php?user=joe
This would be terribly insecure. A user would simply have to change the user name on the
URL line, and they could instantly become any user they liked. Usually a session number
will be used instead. Consider the following URL:
 