
Session Tracking tutorials

  • A session is a conversation between the server and a client. A conversation consists of a continuous series of requests and responses.

  • HTTP is a "stateless" protocol, which means that each time a client retrieves a Web page, the client opens a separate connection to the Web server, and the server does not automatically keep any record of previous client requests.

  • Still, there are the following four ways to maintain a session between a web client and a web server:

    1. Hidden Fields

    2. URL Rewriting

    3. Cookies

    4. Session tracking API


Hidden Fields

  • <INPUT TYPE="hidden" NAME="technology" VALUE="servlet">

  • Hidden fields like the one above can be inserted in web pages, and their information is sent to the server for session tracking.

  • These fields are not directly visible to the user, but they can be viewed using the browser's view source option.

  • This type of session tracking doesn't need any special configuration of the browser or server and is available for session tracking by default.


URL Rewriting

  • In general, the additional parameter added to the URL is the sessionid or sometimes the userid, which suffices to track the session.

  • This type of session tracking doesn't need any special support from the browser. The disadvantage is that implementing this type of session tracking is tedious.

  • You need to keep track of the parameter as a chain link until the conversation completes, and you should also make sure that the parameter doesn't clash with other application parameters.

  • For example, with ;sessionid=12345, the session identifier is attached as sessionid=12345, which can be accessed at the web server to identify the client.

  • URL rewriting is a better way to maintain sessions and works for browsers that don't support cookies, but the drawback is that you have to generate every URL dynamically to assign a session ID, even if the page is a simple static HTML page.



Cookies

  • Cookies are the most widely used technology for session tracking. A cookie is a key-value pair of information sent by the server to the browser. The browser saves it in its own storage on the client computer.

  • Whenever the browser sends a request to that server, it sends the cookie along with it. The server can then identify the client using the cookie.

  • In Java, the following source code snippet creates a cookie:

Cookie cookie = new Cookie("userID", "7456");


  • Session tracking is easy to implement and maintain using cookies. The disadvantage is that users can opt to disable cookies in their browser preferences. In that case, the browser will not save the cookie on the client computer and session tracking fails.
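
The hidden field and the userID cookie shown above both hold state that the client can edit before sending it back. The following added example (not part of the original tutorial) shows one way for the server to detect such edits by attaching an HMAC tag to the value; the class name, the demo key and the "value.tag" layout are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added example: integrity-protects a value kept in a hidden field or cookie.
public class SignedClientValue {
    // Constructed demo key (assumption). A deployment loads a random key
    // from server-side configuration and never sends it to the client.
    private static final byte[] KEY =
        "demo-key-for-illustration-only".getBytes(StandardCharsets.UTF_8);

    private static byte[] hmac(String value) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(value.getBytes(StandardCharsets.UTF_8));
    }

    /** Returns "value.tag", the string to place in the hidden field or cookie. */
    static String seal(String value) throws Exception {
        return value + "."
            + Base64.getUrlEncoder().withoutPadding().encodeToString(hmac(value));
    }

    /** Returns the original value if the tag verifies, otherwise null. */
    static String open(String sealed) throws Exception {
        int dot = (sealed == null) ? -1 : sealed.lastIndexOf('.');
        if (dot < 0) return null;                    // no tag present
        String value = sealed.substring(0, dot);
        byte[] presented;
        try {
            presented = Base64.getUrlDecoder().decode(sealed.substring(dot + 1));
        } catch (IllegalArgumentException e) {
            return null;                             // tag is not valid Base64
        }
        // MessageDigest.isEqual compares the two tags in constant time.
        return MessageDigest.isEqual(hmac(value), presented) ? value : null;
    }

    public static void main(String[] args) throws Exception {
        String sealed = seal("7456");                // userID from the cookie snippet
        System.out.println("sent to browser : " + sealed);
        System.out.println("unchanged       : " + open(sealed));
        // Constructed test case: the ID is edited but the old tag is kept.
        String edited = "7457" + sealed.substring(sealed.indexOf('.'));
        System.out.println("edited by client: " + open(edited));
    }
}
```

The tag provides integrity only: the value stays readable by the client, and an old sealed value can be replayed unless an expiry time is included in the signed data.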


Session tracking API

  • The session tracking API is built on top of the first four methods, in order to help the developer minimize the overhead of session tracking. This type of session tracking is provided by the underlying technology. Take Java servlets as an example: the servlet container manages the session tracking task, and the user need not do it explicitly in the servlets. This is the best of all the methods, because all the management and errors related to session tracking are taken care of by the container itself.

  • Every client of the server is mapped to a javax.servlet.http.HttpSession object. Java servlets can use the session object to store and retrieve Java objects across the session. Session tracking is at its best when it is implemented using the session tracking API.

Below is a summary of the important methods available through the HttpSession object:





public Object getAttribute(String name)


This method returns the object bound with the specified name in this session, or null if no object is bound under the name.


public Enumeration getAttributeNames()


This method returns an Enumeration of String objects containing the names of all the objects bound to this session.


public long getCreationTime()


This method returns the time when this session was created, measured in milliseconds since midnight January 1, 1970 GMT.


public String getId()

This method returns a string containing the unique identifier assigned to this session.


public long getLastAccessedTime()


This method returns the last time the client sent a request associated with this session, as the number of milliseconds since midnight January 1, 1970 GMT.


public int getMaxInactiveInterval()


This method returns the maximum time interval, in seconds, that the servlet container will keep this session open between client accesses.


public void invalidate()

This method invalidates this session and unbinds any objects bound to it.


public boolean isNew()


This method returns true if the client does not yet know about the session or if the client chooses not to join the session.


public void removeAttribute(String name)


This method removes the object bound with the specified name from this session.


public void setAttribute(String name, Object value)

This method binds an object to this session, using the name specified.


public void setMaxInactiveInterval(int interval)

This method specifies the time, in seconds, between client requests before the servlet container will invalidate this session.
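
The methods summarized above are also what a container-managed session is hardened with. The following added example (not part of the original tutorial) configures cookie-only tracking with a protected session cookie and replaces the session ID at login using invalidate(); it assumes the Servlet 3.0+ API and a site served over HTTPS, and the class name, the helper names onLogin/onLogout, the "userId" attribute and the 15-minute timeout are illustrative assumptions.

```java
import java.util.EnumSet;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.SessionTrackingMode;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Added example, not from the original tutorial.
// Assumes Servlet 3.0+ and an HTTPS-only site.
@WebListener
public class SessionHardening implements ServletContextListener {

    /** Runs once at deployment, before any session is created. */
    @Override
    public void contextInitialized(ServletContextEvent event) {
        ServletContext ctx = event.getServletContext();
        // Cookie-only tracking: the container stops rewriting URLs with the
        // session ID, so it stays out of logs, history and Referer headers.
        ctx.setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE));
        ctx.getSessionCookieConfig().setHttpOnly(true); // hidden from page scripts
        ctx.getSessionCookieConfig().setSecure(true);   // sent over HTTPS only
    }

    @Override
    public void contextDestroyed(ServletContextEvent event) { }

    /** Call after the application's own credential check has succeeded. */
    public static HttpSession onLogin(HttpServletRequest request, String userId) {
        HttpSession old = request.getSession(false);    // pre-login session, if any
        if (old != null) {
            old.invalidate();                           // its ID must not survive login
        }
        HttpSession session = request.getSession(true); // container issues a fresh ID
        session.setMaxInactiveInterval(15 * 60);        // idle timeout in seconds (assumed policy)
        session.setAttribute("userId", userId);         // identity stays on the server
        return session;
    }

    /** Call from the logout handler. */
    public static void onLogout(HttpServletRequest request) {
        HttpSession session = request.getSession(false); // do not create one just to end it
        if (session != null) {
            session.invalidate();                        // unbinds all attributes
        }
    }
}
```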



Example: Servlet program to describe how to use the HttpSession object to find out the creation time and the last-accessed time for a session.

Sam Sir

// Program name: SessionTrack.java

/* Program to describe how to use the HttpSession object to find out the
   creation time and the last-accessed time for a session. */

import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class SessionTrack extends HttpServlet {

    public void doGet(HttpServletRequest request,
                      HttpServletResponse response)
            throws ServletException, IOException {
        // Returns the current session, creating one if the client has none yet.
        HttpSession session = request.getSession();
        String heading;
        // Per-session counter; null on the first request of a session.
        Integer accessCount =
            (Integer) session.getAttribute("accessCount");
        if (accessCount == null) {
            accessCount = Integer.valueOf(0);
            heading = "Welcome, Newcomer";
        } else {
            heading = "Welcome Back";
            accessCount = Integer.valueOf(accessCount.intValue() + 1);
        }
        // Store the updated counter back in the session.
        session.setAttribute("accessCount", accessCount);

        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        String title = "Session Tracking Example";
        String docType =
            "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n";
        out.println(docType +
            "<HTML>\n" +
            "<HEAD><TITLE>" + title + "</TITLE></HEAD>\n" +
            "<BODY BGCOLOR=\"#FDF5E6\">\n" +
            "<CENTER>\n" +
            "<H1>" + heading + "</H1>\n" +
            "<H2>Information on Your Session:</H2>\n" +
            "<TABLE BORDER=1>\n" +
            "<TR BGCOLOR=\"#FFAD00\">\n" +
            " <TH>Info Type<TH>Value\n" +
            "<TR>\n" +
            " <TD>ID\n" +
            " <TD>" + session.getId() + "\n" +
            "<TR>\n" +
            " <TD>Creation Time\n" +
            " <TD>" +
            new Date(session.getCreationTime()) + "\n" +
            "<TR>\n" +
            " <TD>Time of Last Access\n" +
            " <TD>" +
            new Date(session.getLastAccessedTime()) + "\n" +
            "<TR>\n" +
            " <TD>Number of Previous Accesses\n" +
            " <TD>" + accessCount + "\n" +
            "</TABLE>\n" +
            "</CENTER></BODY></HTML>");
    }
}





