Tracking Users with Sessions and Cookies
- Using Hidden Controls
- The Cookie Class
- The HttpServletResponse Interface
- Creating a Cookie
- Reading a Cookie
- Setting and Reading a Cookie in the Same Page
- Using Sessions
- Creating a Session
- Setting Session Timeouts
- Using Applications
- Using Sessions, Applications, and JavaBeans
- Summary
- Q&A
- Workshop
Today you'll learn about one of the most popular uses of JSPtracking users with sessions and cookies. Tracking users is a perennial problem; when a user looks at your Web page, has that user been there before? Will you be remembering something about her? Will you remember her present purchases and be checking them out, displaying their total cost? Will you be customizing her Web page in ways that she's specified in the past? Today you'll see several ways of tracking users, including the following:
Hidden textUsing hidden controls in a Web page is the easiest way of associating some information with the user that's not directly accessible to him. However, the hidden text can be seen if the user looks at the HTML for the Web page directly.
CookiesThis is probably the most common way of tracking users on the Internet. You can store information in a user's computer using cookies, and retrieve it when you need it. You can also specify how long the cookie should exist before being deleted by the browser.
SessionsSessions are something the server offers us to support user tracking, and they're great, although they can take up a lot of resources on the server. Sessions let you preserve data between accesses to a Web page by the same user.
ApplicationsApplications are much like sessions, as you'll see, but they're more generalyou can share data between all the JSP pages in a site using applications. In other words, unlike sessions, applications can be used to track multiple users at the same time.
Sessions, applications, and JavaBeansYou can also set JavaBeans so they'll be included in a session or application. Normally, the data in a JavaBean is reset each time the user accesses a page and creates an object from that bean, but you can include the bean in a session or application so its data is preserved between accesses by the same user.
The first step is to use HTML hidden controls.
Using Hidden Controls
Using HTML hidden controls is an easy way to store data in a Web page. For example, in this JSP page, the code will let the user set the text to store in a hidden control in a text field:
<HTML> <HEAD> <TITLE>Reading Hidden Controls</TITLE> </HEAD> <BODY> <H1>Reading Hidden Controls</H1> <% String text = ""; if(request.getParameter("TEXT1") != null) { out.println("The hidden text is:" + request.getParameter("TEXT1")); text = request.getParameter("TEXT1"); } %> . . .
The code stores the text the user types in the hidden control, as you can see in Listing 7.1.
Listing 7.1 Reading Hidden Controls (ch07_01.jsp)
<HTML> <HEAD> <TITLE>Reading Hidden Controls</TITLE> </HEAD> <BODY> <H1>Reading Hidden Controls</H1> <% String text = ""; if(request.getParameter("TEXT1") != null) { out.println("The hidden text is:" + request.getParameter("TEXT1")); text = request.getParameter("TEXT1"); } %> <FORM ACTION="ch07_01.jsp" METHOD="POST"> <INPUT TYPE="TEXT" NAME="TEXT1"> <INPUT TYPE="HIDDEN" NAME="HIDDEN" VALUE="<%= text%>"> <INPUT TYPE="SUBMIT" VALUE="Set Hidden Text"> </FORM> </BODY> </HTML>
You can see this page in Figure 7.1, where the user has entered some text and is about to click the Set Hidden Text button.
Figure 7.1 Setting hidden text.
When the user clicks the button, the JSP code stores the text she's entered in a hidden control and displays that text, as you see in Figure 7.2.
Figure 7.2 Getting hidden text.
The user can also take a look at the data in the hidden field directlyall she has to do is to view the HTML source of the page you see in Figure 7.2 (using the View, Source menu item in Internet Explorer, or the View, Page Source menu item in Netscape Navigator). Here's what that HTML source looks likenote the hidden control's text:
<HTML> <HEAD> <TITLE>Reading Hidden Controls</TITLE> </HEAD> <BODY> <H1>Reading Hidden Controls</H1> The hidden text is:Hello there! <FORM ACTION="hidden.jsp" METHOD="POST"> <INPUT TYPE="TEXT" NAME="TEXT1"> <INPUT TYPE="HIDDEN" NAME="HIDDEN" VALUE="Hello there!"> <INPUT TYPE="SUBMIT" VALUE="Set Hidden Text"> </FORM> </BODY> </HTML>
Hidden controls are fine as far as they go, but there are a number of obvious problems hereyou can't store data in a secure way, and you can't store data between sessions. However, you can get around those problems with cookies.
You might not be surprised to learn that there's a class you use to work with cookies in JSPthe cookie class.