
Chapter 7 Why session tracking is difficult for web applications that use HTTP p


Question

Chapter 7

Why is session tracking difficult for web applications that use the HTTP protocol?

What is session tracking?

Explain how Java keeps track of sessions.

How can a servlet relate a request to a session?

Explain 2 approaches in session tracking.

What is the difference between per-session and persistent cookies?

What is a cookie?

How do cookies work?

What are three typical uses for cookies?

When are URL rewriting and hidden fields handy?

What are the security risks of using URL rewriting?

What is the advantage of using hidden fields to pass parameters?

Why are hidden fields not appropriate for passing secure data like passwords?

Explanation / Answer

1.

Because HTTP is a stateless protocol. That means a web server handling HTTP requests doesn't keep contextual information about the client requests coming to it. Put another way, the web server doesn't have a built-in way to recognize whether the current request is coming from a new client or from a client that has been communicating with it for some time. This happens because each HTTP request is treated as an entirely new request.

Different methods for tracking sessions:

1. Using Cookies
2. Using URL Rewriting
3. Using Hidden Form Fields

2.

Session simply means a particular interval of time. Session tracking is a way to maintain the state (data) of a user. It is also known as session management in servlets.

The HTTP protocol is stateless, so we need to maintain state using session tracking techniques. Each time a user sends a request to the server, the server treats the request as a new request. So we need to maintain the state of a user to recognize a particular user. HTTP is stateless, which means each request is considered a new request.

3.

Sessions in Java Servlets are managed in various ways, for example Cookies, the HttpSession API, URL rewriting and so forth.

The first four techniques are traditionally used for session tracking in all server-side technologies. The session tracking API method is provided by the underlying technology (Java Servlet, PHP or likewise). The session tracking API is built on top of the first four methods.

User authorization
Hidden fields
URL rewriting
Cookies
Session tracking API

4.

SERVLET REQUEST/RESPONSE PACKAGES

Request and response related classes are packaged in two packages. These packages are:

javax.servlet – This package contains the ServletRequest and ServletResponse interfaces (protocol-less).

javax.servlet.http – This package contains the HttpServletRequest, HttpServletResponse and HttpSession classes. As the package name suggests, this package contains all classes and interfaces related to the HTTP protocol.

String getParameter(String parameterName)-

This method is used to get the value of a request parameter by name. Request parameters are the parameters sent by the client either as a query parameter or in the HTML form. Remember that its return type is String.

String[] getParameterValues(String parameterName)-

This method is like getParameter(), with the difference that it returns an array of String containing all of the values of the given request parameter.
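
How a servlet relates a request to a session through the HttpSession API and getParameter() named above, shown as an added example that is not part of the original answer. The servlet class name, the /track path, the item parameter and the session attribute names are assumptions; it targets the javax.servlet API (Servlet 3.0 or later for the annotation).

```java
// Added example. SessionTrackingServlet, "/track", "item", "visits" and
// "lastItem" are hypothetical names chosen for illustration.
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

@WebServlet("/track")
public class SessionTrackingServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // A session ID carried in the URL (URL rewriting) can leak through
        // logs, bookmarks and Referer headers, so it is not trusted here.
        if (request.isRequestedSessionIdFromURL()) {
            HttpSession leaked = request.getSession(false);
            if (leaked != null) {
                leaked.invalidate();
            }
            response.sendError(HttpServletResponse.SC_BAD_REQUEST,
                    "Session ID in URL is not accepted");
            return;
        }

        // getSession(true): the container looks up the session whose ID the
        // client sent back (normally the JSESSIONID cookie); if there is
        // none, it creates a session and sets the cookie on the response.
        HttpSession session = request.getSession(true);

        // State kept on the server between otherwise unrelated requests.
        Integer visits = (Integer) session.getAttribute("visits");
        visits = (visits == null) ? 1 : visits + 1;
        session.setAttribute("visits", visits);

        // getParameter returns a String, or null if the parameter is absent.
        String item = request.getParameter("item");
        if (item != null && item.length() <= 64) {
            session.setAttribute("lastItem", item);
        }
        response.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = response.getWriter();
        out.println("New session: " + session.isNew());
        out.println("Visits in this session: " + visits);
        out.println("ID came from cookie: " + request.isRequestedSessionIdFromCookie());
    }
}
```

Requesting /track twice from the same browser shows the visit count rising on the second request, because the cookie sent back by the client lets the container find the same HttpSession.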
