Pr.Pg Next Pg

Session Tracking tutorials

  • A session is a conversation between the server and a client. A conversation consists series of continuous request and response.

  • HTTP is a “stateless” protocol which means each time a client retrieves a Web page, the client opens a separate connection to the Web server and the server automatically does not keep any record of previous client request.

  • Still there are following four ways to maintain session between web client and web server:

    1. Hidden Fields

    2. URL Rewriting

    3. Cookies

    4. Session Object


Hidden Fields

  • <INPUT TYPE=”hidden” NAME=”technology” VALUE=”Java Technology”>

  • Hidden fields like the above can be inserted in the web pages and information can be sent to the server for session tracking.

  • These fields are not visible directly to the user, but can be viewed using view source option from the browsers.

  • This type of session tracking doesn’t need any special configuration from the browser or server and by default available to use for session tracking. 


URL Rewriting

  • In general added additional parameter will be sessionid or sometimes the userid. It will suffice to track the session.

  • This type of session tracking doesn’t need any special support from the browser. Disadvantage is, implementing this type of session tracking is tedious.

  • You need to keep track of the parameter as a chain link until the conversation completes and also should make sure that, the parameter doesn’t clash with other application parameters.

  • For example, with;sessionid=12345, the session identifier is attached as sessionid=12345 which can be accessed at the web server to identify the client.

  • URL rewriting is a better way to maintain sessions and works for the browsers when they don’t support cookies but here drawback is that you would have generate every URL dynamically to assign a session ID though page is simple static HTML page.



  • Cookies are the mostly used technology for session tracking. Cookie is a key value pair of information, sent by the server to the browser. This should be saved by the browser in its space in the client computer.

  • Whenever the browser sends a request to that server it sends the cookie along with it. Then the server can identify the client using the cookie.

  • In java, following is the source code snippet to create a cookie:

Cookie cookie = new Cookie(“userID”, “7456″);


  • Session tracking is easy to implement and maintain using the cookies. Disadvantage is that, the users can opt to disable cookies using their browser preferences. In such case, the browser will not save the cookie at client computer and session tracking fails.


Session Object

  • The session object is an instance of javax.servlet.http.HttpSession. This variable is only valid for Http protocols. The session is one of the JSP built-in variables like request that is available in the service body of a JSP.

  • The session object is used to provide an association between the client and the server. HTTP protocol is a stateless protocol.

  • The session concept is a way of allowing multiple requests from the same client to be group together as part of a single "conversation". The session is used to maintain the "conversation" states during a given time period.

  • By default, JSPs have session tracking enabled and a new HttpSession object is instantiated for each new client automatically.

  • Disabling session tracking requires explicitly turning it off by setting the page directive session attribute to false as follows: 

<%@page session="false">

Pr.Pg border                                              Next Pg