JSP - Session

In any normal website, the user performs multiple interactions on different pages of the site. It is beneficial for the site to customize the data according to each user. This allows the user to maintain a personal space for their specific activities according to their interests. For all these purposes, the JSP provides the "session implicit object". In this chapter, you will learn about various methods and concepts used to create and manage a session using JSP.

What Is a Session?

A session can be defined as an object associated with each user with a unique session ID, and the user's data is based on the account they have registered. Different forms of data can be set in a session; These data related to each user of the site help the user and the website owner in different ways. As you know, HTTP is a "stateless" protocol; Whenever a user visits a web page, the user opens a separate connection with the webserver, and the server does not keep a record of preceding client requests.

Different approaches to maintain a session between client and server are:
  1. Cookies: Cookies are text files that allow programmers to store some information on a client computer, and they are kept for usage tracking purposes.
  2. Passing Session ID in URL: Adding and passing session ID to URL is also a way to identify a session. However, this method is obsolete and insecure because the URL can be tracked.

The session Implicit Object

  • A session object is the most commonly used implicit object implemented to store user data to make it available on other JSP pages until the user's session is active.
  • The session implicit object is an instance of a javax.servlet.http.HttpSession interface.
  • This session object has different session methods to manage data within the session scope.

Here is an example of a JSP request and session implicit objects where a user submits login information, and another JSP page receives it for processing:

Example (HTML file):
<!DOCTYPE html>
<html>
    <head>
        <title>User login form</title>
    </head>
    <body>
        <form action="login.jsp">
            Please enter Username: <input type="text" name="u_name" /> <br />
            <input type="submit" value="Submit Details" />
        </form>
    </body>
</html>
Example (login.jsp):
<%@ page import = " java.util.* " %>
<% 
String username = request.getParameter("u_name"); 
if(username.equals("admin")){
    session.setAttribute("u_name",username); 
    response.sendRedirect("home.jsp"); 
}else{
    out.print("Invalid Username");  
}
%>
Example (home.jsp):
<%
String session_u_name = (String)session.getAttribute("u_name");
out.print("Hi "+session_u_name);
%>

JSP Sessions Methods

  1. public Object getAttribute(String name): is used for returning the object bound with the specified name for a session and null if there is no object.
  2. public Enumeration getAttributeNames(): is used for returning an Enumeration of String objects that will hold the names of all the objects to this session.
  3. public long getCreationTime(): is used for returning the time when the session was created right from midnight January 1, 1970, GMT.
  4. public String getId(): is used for returning a string that will hold a unique identifier assigned to your session.
  5. public long getLastAccessedTime(): is used for returning the latest time your client sent a request linked with the session.
  6. public int getMaxInactiveInterval(): is used for returning the highest time interval (in seconds), which has to be maintained by the servlet container as a session gets opened between client accesses.
  7. public void invalidate(): is used for invalidating a session and unbinds its objects bound to it.
  8. public boolean isNew(): is used for returning a true when the client does not know anything about the session or when the client chooses not to join the session.
  9. public void removeAttribute(String name): is used for removing the object bound specifically to a session.
  10. public void setAttribute(String name, Object value): is used for binding an object to your session with the help of a specified name.
  11. public void setMaxInactiveInterval(int interval): is used for specifying the time (in seconds) between client requests where the servlet container will nullify this session.

Scroll Back to Top