What Is Session Tracking?
Session tracking is the capability of a server to maintain the current state of a single client's
sequential requests. HTTP, the protocol used by Web servers, is stateless. This means that
every transaction is autonomous. This type of stateless transaction is not a problem unless you
need to know the sequence of actions a client has performed while at your site.
For example, an online video store must be able to determine each visitor's sequence of
actions. Suppose a customer goes to your site to order a movie. The first thing he does is look
at the available titles. When he has found the title he is interested in, he makes his selection.
The problem now is determining who made the selection. Because each one of the client's
requests is independent of the previous requests, you have no idea who actually made the final
You could use HTTP authentication as a method of session tracking, but each of your
customers would need an account on your site. This is fine for some businesses, but
would be a hassle for a high-volume site. You probably could not get every user who
simply wants to browse through the available videos to open an account.
In this chapter, you will look at several different ways to determine the actions that a particular
client has taken. You will examine hidden form fields, cookies, URL rewriting, and the built-in
session tracking functionality found in the servlet API.
Using Hidden Form Fields
Using hidden form fields is one of the simplest session tracking techniques. Hidden form fields
are HTML input elements that a browser does not display, although their names and values
remain in the page source and are sent back to the server when the form is submitted. The
following sample HTML listing includes hidden form fields:
<FORM ACTION="someaction" METHOD="post">
<INPUT TYPE="hidden" NAME="tag1" VALUE="value1">
<INPUT TYPE="hidden" NAME="tag2" VALUE="value2">
</FORM>
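Because a hidden field travels through the browser, the client can change its value before
submitting the form. The following is an added example, not from the original chapter: plain-JDK
Java in which the server attaches an HMAC to a hidden field and checks it when the form comes
back. The class name, the "<name>.mac" companion field and the per-run random key are
assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SignedHiddenField {
    private final SecretKeySpec key;  // server-side secret, never sent to the browser

    public SignedHiddenField(byte[] secret) {
        this.key = new SecretKeySpec(secret, "HmacSHA256");
    }

    // The MAC covers the field name as well as the value, so a tag issued for one
    // field is not accepted under another. The length prefix keeps the boundary
    // between name and value unambiguous.
    public String mac(String name, String value) throws Exception {
        Mac hmac = Mac.getInstance("HmacSHA256");
        hmac.init(key);
        hmac.update((name.length() + ":" + name + value).getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(hmac.doFinal());
    }

    // Emits the hidden field plus a companion "<name>.mac" field (hypothetical naming).
    // Name and value are assumed to be HTML-escaped already.
    public String render(String name, String value) throws Exception {
        return "<INPUT TYPE=\"hidden\" NAME=\"" + name + "\" VALUE=\"" + value + "\">\n"
             + "<INPUT TYPE=\"hidden\" NAME=\"" + name + ".mac\" VALUE=\"" + mac(name, value) + "\">";
    }

    // Recomputes the tag from the submitted name/value and compares in constant time.
    public boolean verify(String name, String value, String submittedMac) throws Exception {
        if (name == null || value == null || submittedMac == null) return false;
        return MessageDigest.isEqual(mac(name, value).getBytes(StandardCharsets.US_ASCII),
                                     submittedMac.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = new byte[32];  // constructed key; assumption: a real site loads a persistent one
        new SecureRandom().nextBytes(secret);
        SignedHiddenField f = new SignedHiddenField(secret);
        System.out.println(f.render("tag1", "value1"));
        String tag = f.mac("tag1", "value1");
        System.out.println("unchanged value accepted: " + f.verify("tag1", "value1", tag));
        System.out.println("edited value accepted:    " + f.verify("tag1", "value2", tag));
        System.out.println("tag moved to tag2:        " + f.verify("tag2", "value1", tag));
    }
}
```

The tag only proves that the server issued that name and value; it does not stop a client from
resubmitting an older, validly signed field, so a value that must expire needs a timestamp or
session identifier included under the MAC.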