Session tracking
Hi there,
I have a strange problem you may be able to shed some light on. At least I hope so. I'm working with an existing project using JSP's and Servlets and a backend MySQL database. The project entails the ability to perform ad hoc queries to the database. The source code files can be found at the bottom of the page at:
http://www.eas.asu.edu/~cse494db/IonJDBC/JDBCExample.html
The project contains one servlet called Contol.java and a bean called QueryBean.java. The Control servlet is first invoked using a POST call. In doing so, a Session object is created and an instance of QueryBean is created and stored in the Session object. The QueryBean contains the meta data for the database. A jsp called QueryInput.jsp loads and at the same time also activates a second browser window loading MetaTables.jsp. When MetaTables.jsp loads in the second window it calls
QueryBean qb = (QueryBean)session.getAttribute("qBean");
from the session object retrieving the QueryBean instance and the meta data is used to be displayed in a table. The first time this process occurs everything is fine, until I dismiss the window containing MetaTables.jsp.
Here's what happens...QueryInput.jsp has a button on it. It is used to re-display the window that MetaTables.jsp loads into if the user dismisses that window when it first loads. Here's where the interesting part comes in. If I click on the button in the main browser window containing QueryInput.jsp the second browser window appears alright, but for whatever reason all the data that was in the QueryBean instance is gone. MetaTables.jsp loads and attempts to obtain the QueryBean instance again from the Session object, but there is no data to display. It's gone!
What's going on? Does anybody know?
Alan
***************QueryInput.jsp*************************
<%@ page import = "java.io.*" %>
<%@ page import = "java.sql.*" %>
<%@ page import = "com.components.QueryBean" %>
<jsp:useBean id="qBean" class="com.components.QueryBean" scope="session"/>
<%
String ManagerOnBoard = (String)session.getAttribute("ManagerOnBoard");
if(ManagerOnBoard == null)
%>
<HTML>
<HEAD>
<TITLE>MainMenu</TITLE>
<link href="site.css" rel="stylesheet" type="text/css">
</HEAD>
<body>
<h1>ACCESS DENIED</h1>
</body>
</html>
<%
else
%>
<HTML>
<head>
<link href="site.css" rel="stylesheet" type="text/css">
<script language=javascript>
function MetaData()
window.open('MetaData.jsp','','toolbar=no,resizable=yes,menubar=no,location=no,height=400,width=400');
</script>
</head>
<BODY onLoad="MetaData()">
<b><center><h2><jsp:getProperty name="qBean" property="dbName"/> Database </h2></center></b>
<hr>
<form action=MainMenu.jsp target =_parent>
<p><input type="SUBMIT" VALUE="Return to Main Menu"></p>
</form>
<b>SQL Select/Insert/Update/Delete:</b><br>
<table><tr><td>
<form name="MyForm" action="/scholastic/Control" method="GET" TARGET="Output" onsubmit="return checkForm(this)">
<p><textarea name="query" rows=9 cols=40>
</textarea></p>
</td><td><p><input type="SUBMIT" VALUE="Submit">��
</p><p><input type="RESET" name="clear" VALUE="Clear">��
</p><p><input type="button" value="Open MetaData" onClick="MetaData()">
</form>
</td>
</tr>
</table>
</BODY>
</HTML>
<%
%> **********************MetaTables.jsp*****************
<%@ page import = "java.io.*" %>
<%@ page import = "java.sql.*" %>
<%@ page import = "java.util.*" %>
<%@ page import = "com.components.QueryBean" %>
<!--jsp:useBean id="qBean" class="com.components.QueryBean" scope="session"/-->
<%
QueryBean qb = (QueryBean)session.getAttribute("qBean");
Vector tables = (Vector)qb.getTables();
String ManagerOnBoard = (String)session.getAttribute("ManagerOnBoard");
if(ManagerOnBoard == null)
%>
<HTML>
<HEAD>
<TITLE>MainMenu</TITLE>
<link href="site.css" rel="stylesheet" type="text/css">
</HEAD>
<body>
<h1>ACCESS DENIED</h1>
</body>
</html>
<%
else
%>
<HTML>
<head>
<link href="site.css" rel="stylesheet" type="text/css">
</head>
<body>
<!--jsp:getProperty name="qBean" property="dbName"/-->
<center><h2> <%=qb.getDbName()%> Database MetaData</h2></center>
<%
for(int i =0; i< tables.size(); i++)
%> <table><tr>
<%
StringTokenizer token = new StringTokenizer((String)tables.get(i));
String tableName = ((String)token.nextToken()).toUpperCase();
%>
<th><a href="/scholastic/Control?tableName=<%=tableName%>" target=Output><%=tableName%></a></th><th> :</th>
<%
while(token.hasMoreTokens())
%>
<th><%=token.nextToken()%></th>
<%
%>
</tr></table>
</body>
</html>
<%
%> ******************Control.java************************
package com.components;
import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.*;
import javax.sql.*;
import javax.naming.*;
public class Control extends HttpServlet
Connection connection = null; // the connection to the database
Statement statement = null; // a statement object for the queries
String dbName; // the database name
public QueryBean qBean = null;
private ServletContext context; // objects used to transfer control to the jsp pages
/*Initializing the servlet*/
public void init(ServletConfig config) throws ServletException
super.init(config);
context = config.getServletContext();
The doPost method handles POST requests
This method is accessed first in from the time the user will
enter a datasource name in the main page.
The function will first establish a connection to the database
with the requested data source name. If the data
source does not exist then the control is tranferred to an error page
with a corresponding message. If the database exists
then we save time by getting all the meta-data from the database
( table names, and columns) and storing them in the
bean. The bean is stored in the session object and control is
transferred to the query page which loads the two frames. One
for entering the query and one for results. This function is
accessed only whenever we are in the main page.
public void doPost(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException
ResultSet rsTables = null; //ResultSet objects for the database tables and columns
ResultSet rsColumns = null;
//databse metadata object to access the meta-data from the database
DatabaseMetaData dbmd = null;
qBean = new QueryBean(); // the bean object to store the information
//the database source name entered from the user
dbName = "scholastic_db";
//store the database name in the query bean so pages can diplayed it later.
qBean.setDbName(dbName);
String tableName;
// The code below gets the database table names and
// columns and stores them in the bean
try
Context ctx = new InitialContext();
if(ctx == null )
throw new Exception("No Context available...");
DataSource ds = (DataSource)ctx.lookup("java:comp/env/jdbc/Scholastic");
if (ds != null)
connection = ds.getConnection();
if(connection != null)
HttpSession session = req.getSession(true);
dbmd = connection.getMetaData();
rsTables = dbmd.getTables(null, null, null, null);
while (rsTables.next())
StringBuffer buff = new StringBuffer();
tableName = rsTables.getString("TABLE_NAME");
if (rsTables.getString("TABLE_TYPE").equals("TABLE"))
buff.append(tableName + " ");
rsColumns = dbmd.getColumns(null,null,tableName,null);
while (rsColumns.next())
buff.append(rsColumns.getString("COLUMN_NAME") + " ");
qBean.setTables(buff.toString());
// put the bean in the session
session.setAttribute("qBean", qBean);
// transfer control to the query page
res.sendRedirect("/scholastic/manager/Query.jsp");
rsTables.close();
rsTables = null;
rsColumns.close();
rsColumns = null;
connection.close();
connection = null;
catch (Exception e)
// If there is an error with the database source
// transfer control to an error page
try
connection.close();
connection = null;
catch(SQLException sqle){;}
res.sendRedirect("/scholastic/manager/errorDbSource.jsp");
finally
// Always make sure result sets and statements are closed,
// and the connection is returned to the pool
if (rsTables != null)
try { rsTables.close(); } catch (SQLException e) { ; }
rsTables = null;
if (rsColumns != null)
try { rsColumns.close(); } catch (SQLException e) { ; }
rsColumns = null;
if (connection != null)
try { connection.close(); } catch (SQLException e) { ; }
connection = null;
/* The doGet method handles GET requests. This function is accessed
every time we enter a query using the query form of
the queryInput pages and also every time we want to display
the contents of a table in the metadata window since we
actually perform a SELECT * FROM tableName statement. We
display the results in the same page if there are select statements
to save code. There is only one difference. In the query frames,
we actually display the query itself along with the results,
but in the metadata we dont. Since we access only one method, the doGet
for both operations we determine at the beginning of
the function; if we came from queryInput or from metaTables page.
If we came from the queryInput page we perform the necessary
calculation and we put the results along with the query itself
in a bean. If it is a select statement we transfer control to the
QueryOutputProccess page where we display the query itself and a
table with the results. If its an update, insert, or delete,
we perform the operation but we transfer control in a different
page; the QueryOutputProccesUpdate where we output the result of
our statement.
If we come from the metadata, then we perform the query SELECT * FROM
tableName and we store the results in the bean as we did
before. Since we don't display the query itself from the metadata but
we are using the same page we save to the query bean an
empty string.
In all the cases, we check if the user has made an error by entering
no data or bad data in the query window. If this is the case,
we transfer control to a page where we display the appropriate message.
If the user has caused an SQL exception like selecting data from a table
that does not exist, we get the corresponding message
of the exception and we transfer control to another page.
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException
//System.out.println("Entering doGet");
String query; // the query
ResultSet resultSet = null; // a resultset object that holds the results of the query
QueryBean qBean = new QueryBean(); // a QueryBean object
try
Context ctx = new InitialContext();
if(ctx == null )
throw new Exception("No Context available...");
DataSource ds = (DataSource)ctx.lookup("java:comp/env/jdbc/Scholastic");
if (ds != null)
connection = ds.getConnection();
if(connection != null)
HttpSession session = req.getSession(true); //get the session object
statement = connection.createStatement(); // create a statement object
// check to see if the user is coming from the metadata
String tableName = (String)req.getParameter("tableName");
NOTE: THE LINUX OPERATING SYSTEM IS PARTICULAR ABOUT CASE
SENSITIVITY. THEREFORE, WE'LL TRY TO KEEP THE QUERIES IN UPPER CASE
SINCE THE TABLE NAMES AND FIELD NAMES WERE CREATED USING UPPER CASE.
if(tableName != null)// by checking for a parameter tableName. If its not there
{ // the user is coming from the query frame.
query = "SELECT * FROM " + tableName.toUpperCase();
qBean.setQuery(" ");
else
query =(String)req.getParameter("query");
qBean.setQuery(query.toUpperCase());
//System.out.println(query);
//boolean value to know where to transfer control
//(QueryOutputProccess or QueryOutputProccessUpdate)
boolean isQuery = false;
// check if the user hase entered a valid query
//(SELECT, INSERT, UPDATE, DELETE)
if (checkQuery(query))
//if is a select then get the resuts and store them in the bean
if ("SELECT".equalsIgnoreCase(query.substring(0,6)))
//System.out.println("Its a SELECT query");
resultSet = statement.executeQuery(query);
ResultSetMetaData rsmd = resultSet.getMetaData();
int numCols = rsmd.getColumnCount();
qBean.setNumColumns(numCols);
isQuery = true;
for ( int i = 1; i <= numCols; i++)
qBean.setColumnLabel(rsmd.getColumnLabel(i));
qBean.setColumnTypeName(rsmd.getColumnTypeName(i));
while(resultSet.next())
for (int i = 1; i <= numCols; i++)
qBean.setResults(resultSet.getString(i));
else // if its not a SELECT that means is an INSERT, UPDATE OR DELETE. Perform the operation.
System.out.println("Its not a SELECT query");
statement.executeUpdate(query);
session.setAttribute("qBean", qBean); // put the bean back in the session
// transfer control to the correct jsp page.
//(is different if its a SELECT statement)
if(isQuery)
res.sendRedirect("/scholastic/manager/QueryOutputProcess.jsp");
else
res.sendRedirect("/scholastic/manager/QueryOutputProcessUpdate.jsp");
// If the user entered a null query or a bad query
//(other than SELECT, INSERT, UPDATE, DELETE)
// then transfer control to an error page indicating the message.
else
//System.out.println("Null or Bad query");
if(query.length() == 0)
res.sendRedirect("/scholastic/manager/errorQuery.jsp?message=No SQL expression entered");
else
res.sendRedirect("/scholastic/manager/errorQuery.jsp?message=ERROR...Invalid SQL expression entered");
resultSet.close();
resultSet = null;
statement.close();
statement = null;
connection.close();
connection = null;
catch (SQLException e)
//if there is an SQL exception get the exception's message
//and state and transfer control to an error page
res.sendRedirect("/scholastic/manager/errorException.jsp?state=" + e.getSQLState() + "&message=" + e.getMessage());
catch( Exception e)
System.out.println(e);
finally
if (resultSet != null)
try { resultSet.close(); } catch (SQLException e) { ; }
resultSet = null;
if (statement != null)
try { statement.close(); } catch (SQLException e) { ; }
statement = null;
if (connection != null)
try { connection.close(); } catch (SQLException e) { ; }
connection = null;
// method for checking if the user hase enter a valid
// query (SELECT, INSERT, UPDATE, DELETE)
public boolean checkQuery(String query)
boolean temp = false;
if(query.length() > 0 && query.length() > 5)
if(("SELECT".equalsIgnoreCase(query.substring(0,6))) ||
("INSERT".equalsIgnoreCase(query.substring(0,6))) ||
("UPDATE".equalsIgnoreCase(query.substring(0,6))) ||
("DELETE".equalsIgnoreCase(query.substring(0,6))))
temp = true;
return temp;
}
The button calls the control servlet with doGet.
What is one of the first things you do for doGet?
QueryBean qBean = new QueryBean(); // a QueryBean object
Similar Messages
-
Session tracking and Internet Explorer
Hi,
I am currently maintaining a servlet application, on apache/jserv.
This application implements a session tracking using a shared static hashtable of session data, associated with session id's.
This application may open more than one client browser windows.
With netscape, no problem.
With Internet Explorer, since the version 6, when the client close at least one window, the session is closed.
Thus, the application reject any new request from this client, sent by still open windows (session cannot be retrieved in the hashtable).
Has somebody heard about this problem ?
Thanks for any answer.Thanks.
In fact, I believe that IE keeps the same session for
child windows.
The problem is: when you click on a link which open a
new window, the new open window share the session with
its parent window.
When the new window is closed, the session is also
closed.
It appears that this mechanism only exists since the
version 6 of IE.No. Earlier IE version handle session cookies the same way. -
Hi,
i want to make a group of JSP pages in a Web App, but assuming that the browser doesn't accept cookies.
Is there anyway that i don't have to indicate every link as
response.encodeUrl("index.jsp")I've heard something about a <url-session-tracking/> tag, but i've tried to put in the web.xml file, but it doesn't work.
I just want to put Index and the App Server takes care of putting the jsessionid info in front of the url
Thank youCancelling this question.
-
Can we use an overloaded constructor of a Java Bean with Session Tracking
Hi Friends,
If any one can solve my query.... It would be helpful.
Query:
I have a Java Bean with an overloaded constructor in it. I want to use the overloaded constructor in my JSP.
1. One way of doing that is to use it directly in the "Scriptlets" (<% %>). But then I am not sure of the way to do session tracking. I think I can use the implicit objects like "session", "request" etc. but not sure of the approach or of the implementation method.
2. Another way is through the directive <jsp: useBean>. But I cannot call an overloaded constructor with <jsp: useBean>. The only alternative way is to use the directive <jsp: useBean> where I have to write getter and setter methods in the Java Bean and use the <jsp: setProperty> and <jsp: getProperty> standard actions. Then with this approach I cannot use the overloaded constructor.
Can any one suggest me the best approach to solve this problem ?
Thanks and Regards,
Gaive.My first reaction is that you can refactor your overloaded constructor into an init(arguments...) method. Instead of overloaded constructor, you can call that init method. This is the ideal solution if possible.
As to the two choices you listed:
1. This is OK, I believe. You can use scriplet to define the bean and put it into session scope of the pageContext. I am not sure exactly what you meant by session tracking; whatever you meant, it should be doable using HttpSessionAttributeListener and/or HttpSessionBindingListener.
2. Agreed. There is no way that <jsp:useBean> can call a constructor that has non-empty arguments.
Please tell me how it works for you. -
How to do session tracking in JSP
I want to do session tracking in my JSP pages.Say once after the user logs in,on every page I can get his username for further use.Thank you for your help!
Richard<%
session.setAttribute("svUserName", request.getParameter("name_of_username_form_field"));
// from the login page
%>
then to retrieve,
<% String UserName;
UserName = (String)session.getAttribute("svUserName").toString(); %>
to display,
<%= UserName %> -
i am making shopping mall project .
ist page conatins list of product avaiale
2nd page contains list of manufacturuer avaible
problem:-
i want to display on 3rd page the product seleted by user in 1st page
i used session tracking concept.but problem is the value is coming null in third page
please tell me how to solve my problemIf it is like a shopping cart, I suggest you to look for a good shopping cart examples available plenty online.
But if its just about keeping session variables and using them the following works.
Test with a simple example. Have three jsp files like a.jsp, b.jsp and c.jsp.
put the following in a.jsp
<% session.setAttribute("Mobile","Nokia");%>
<%=session.getAttribute("Mobile")%>
<a href="b.jsp">Go to B.jsp</a>Print the value of session variable - <%=session.getAttribute("Mobile")%> in b.jsp and c.jsp
And in b.jsp have a link to c.jsp and so on. Once you set a session variable, it lives as long as your session doesnt expire.
Try it. and also look for more session tracking examples online.
Message was edited by:
passion_for_java -
Hi All,
I need a simple session tracking application. this
application should include the following
1) Each user should have a seperate session area where each
user can store some info into it and retrive it.
2) Know how many users have logged into the application.
I come from j2ee background where these things are possible,
so requiring the same for my application which involves multi user
environment.
If not the application some part of code/ ideas will be higly
appreciated.
Thanks in Advance to all,
Vijay KarthikHi Avinash,
Put a status variable in the ModelLocator class(If you are using any Model class where your data can be accessed globally through out the application).
Once the user is authenticated and logged in successfuly update the status of the variable and you can authorize based on this status variable whether
the user is authorized to see the pages or not...
Thanks,
Bhasker Chari -
Always use URL Rewriting for session tracking?
All you JSP guru:
I am working on a JSP project that requires session tracking. I have successfully implements session tracking with both cookies or URL rewriting. I know that with the HttpSession object, it will always try to use cookie first, if that's disabled, then it'll automatically switch to URL rewriting. However, is there a way to force the HttpSession object to ALWAYS use URL rewriting instead of cookies? I have searched for an answer for a long time and haven't been able to found a solution. Is it possible at all? Thank you very much.i was going to say that WebSphere always uses URL rewriting if you enable it at all, but someone beat me to it (indirectly) :-)
however, that seemed to me to be a violation of the spec, which seemed to imply the behaviour you're describing (only use URL rewriting if cookies are not supported on the current client)
here's a response someone else made on a websphere newsgroup to a statement in that regard:
I believe you are technically correct. However from my
experience, I think the spec if flawed in this area since
there is no reliable way of determining whether the
client browser supports cookies. The authority on
cookies (www.cookiecentral.com) says:
"To properly detect if a cookie is being accepted via
the server, the cookie needs to be set on one HTTP
request and read back in another. This cannot be
accomplished within 1 request."
This is asking too much of a servlet engine
implementation. Even if it did submit a request for this
purpose, the user could refuse the cookie. So
then technically the browser supports cookies, but the
servlet engine infers it doesn't. So if the servlet engine
infers the browser does not support cookies and so
encodes the URL, it is again out of spec because the
browser really does support cookies. By doing it
however encoding is configured makes things simpler,
robust, consistent and avoids the flaw.
My opinion.so, mostly i'm just rambling, but if you're using websphere, you should get the behaviour your boss wants. if you're using something else, i suppose there's a chance it'll "violate" the spec in this same, potentially helpful way.
btw, i remember somebody else complaining that URL rewriting is less secure than cookies, but i kinda think they're about equal. it seems like either could be intercepted by a sniffer and then used to spoof. but i'm no expert in that stuff... -
Disable non-SSL session tracking?
Hi, all,
I wonder if one can disable all session tracking in JSP's whenever SSL is not being used? I would like to turn off all cookie-setting and URL-rewriting and use SSL-session tracking only (if I use session-tracking at all on a given page). I also want to specify this behavior programmatically (inside my JSP's) and not in my server's config files.
I'm basically concerned that if my user leaves one of my HTTPS pages, they will still retain a non-secure cookie with their session information. This seems to be indeed the default behavior: when I run my tests and transition from an HTTPS page to an HTTP one, the browser does store a cookie. I know I can invalidate the session as the next step, but I'd rather have the cookie not being set altogether to begin with. Imagine the situation where the user leaves my HTTPS page for a totally different (HTTP) website: in this setting I won't get a chance to invalidate the session and delete the cookie.
Any ideas, therefore, on how to programmatically disable non-SSL session-tracking?
Thanks,
Dmitri.I don't think you can do this programatically.
However I also don't think it is a problem.
Cookies are related to zone names aren't they?
http://mysite and https://mysite are two different
zones as far as cookies are concerned. One should
not be able to see the other.
It issues a new cookie for the http site you are just
navigating to. That cookie has nothing to do with
the secure site you just came from, and shouldn't be
able to tell them any info about the secure site.
I think you are worrying about something that isn't
really there.
What is your concern? That they pick up a JSESSIONID
from the cookie and can then pretend to be a
different user?Yes. A cookie is transmitted and stored unencrypted, I imagine (in any case, it should be more easily crackable than SSL). I wish Sun came up with an extension to the Session API where you would be able to explicitly specify which session-tracking protocols you want used and which ones you don't. At the moment their API abstracts and manages too much detail for you.
I mean, if my site is supposed to be secure while I'm using SSL, then you'd expect that no information about those secure sessions should leak outside the SSL protocol, wouldn't you say? -
I am doing session tracking in jsp. what my purpose is i want to stop the user, if the user is already logged in.
For this, i am creating a Hashtable and entering the user id and session id as key- value pairs into the hashtable when the user is loggin in, if not in the hashtale. If these values are already in the hashtable, i am restricting the user.
when the user selects the log out option, i am invalidating the session and deleting the values in the hash table. this is working fine.
What my problem is suppose if the user closes the window, the session will be expired. but,i am not able to delete the values which are in the hashtable.
and if the user is trying to log in, according to my logic it is allowing the user.
Thanks
Anupamai hope this would add-up to others' suggestion, albeit, i would recommend a bit change:
Given:
a. you're already implementing a session object that has pair value of user id and session id;
b. you want to restrict a user who previously logged-in but, say he/she accidentally or intentionally closed the browser, thus leaving his session object in the hashtable
Proposed Solution:
a. change your pair value from user id-session id to user id-passwd;
Explanation:
a. i believe that you maintain a user bean (with session scope) all throughout the web application;
b. i also believe that at the same time, you maintain other beans of the same scope, but that's out of question;
c. putting a session id will give you difficulties in validating a common user that previously logged in because each time a user logs-on, you generate a unique session id;
d. therefore, you cannot test equality of newly logged user and his new session id with that of his previous in the hashtable (if case pertains to abnormal browser termination);
e. changing a pair to user id and passwd will enable you to really trap and test if the new user has unterminated or invalidated session in the hashtable;
f. now, if previously logged user (with session still in the hastable) logs for the second time, you may invalidate his old session and give him a new session. -
Looking for an expert on session tracking
I've got some session code running on RH linux using Apache and Tomcat. About 7% of my users experience a session variable not being present after a <jsp:forward> (or sendRedirect). I was thinking that it was related to cookies and how sessions are tracked, but I am using both the default cookie session tracking as well as URL re-writing; when I turn my browser's cookies off, I start seeing the jsessionid being used and everything still seems to work ok.
Is there anyone out there who might be willing to help me figure this pup out...why 7% of my users can't be tracked (session.getAttribute() doesn't find something that was placed into the session directly before the redirect/forward)?
/paul
[email protected]OK, I've done a bunch of debugging. It appears all the folks who experience a "loss of session" have a URL with no parameters...even though I now parameters where passed.
Also, in some cases, the new URL that is being visited is accessed via either a <jsp:forward> or javascript's window.open.
Anyone know why some browsers might not pass parameters? -
Oracle Forms Session Tracking mechanism
Hi,
In this doc http://www.oracle.com/technology/products/forms/pdf/10g/troubleshooting_fls.pdf we can read the following:
The JsessionID, which uniquely identifies a Forms session. The Forms Listener Servlet uses two session tracking mechanisms:
- Cookies, where the Servlet container sends a cookie to the client.
The client returns the cookie to the server upon each HTTP
request, thereby associating the session with the cookie.
- URL rewriting, where the Servlet container appends a session ID
to the URL path, for example:
http://host[:port]/forms90/l90servlet;jsessionid=a23445bcde89
Does this means that forms uses one of those, or uses both mechanisms simultaneous?
anyone?
Regards
Ricardo
Edited by: user12015527 on Mar 10, 2010 2:39 PMduplicate post: Oracle forms session crashes.
-
Disable user and session tracking?
Hi there?
We would like to use Application Insights for everything except user and session tracking.
How can i disable these features in AI (we may not use cookies in our site)?
My guess is to change the applicationinsights.config file as below. Is there any documentation about the configuration file, right now im only guessing...
Cheers
/Niclas
<?xml version="1.0" encoding="utf-8"?>
<ApplicationInsights xmlns="http://schemas.microsoft.com/ApplicationInsights/2013/Settings" schemaVersion="2014-05-30">
<!--
Learn more about Application Insights configuration with ApplicationInsights.config here:
http://go.microsoft.com/fwlink/?LinkID=513840
-->
<TelemetryModules>
<Add Type="Microsoft.ApplicationInsights.Extensibility.Implementation.Tracing.DiagnosticsTelemetryModule, Microsoft.ApplicationInsights" />
<Add Type="Microsoft.ApplicationInsights.Extensibility.RuntimeTelemetry.RemoteDependencyModule, Microsoft.ApplicationInsights.Extensibility.RuntimeTelemetry" />
<Add Type="Microsoft.ApplicationInsights.Extensibility.PerfCollector.PerformanceCollectorModule, Microsoft.ApplicationInsights.Extensibility.PerfCollector" />
<Add Type="Microsoft.ApplicationInsights.Extensibility.Web.WebApplicationLifecycleModule, Microsoft.ApplicationInsights.Extensibility.Web" />
<Add Type="Microsoft.ApplicationInsights.Extensibility.Web.RequestTracking.TelemetryModules.WebRequestTrackingTelemetryModule, Microsoft.ApplicationInsights.Extensibility.Web" />
<Add Type="Microsoft.ApplicationInsights.Extensibility.Web.RequestTracking.TelemetryModules.WebExceptionTrackingTelemetryModule, Microsoft.ApplicationInsights.Extensibility.Web" />
<!-- <Add Type="Microsoft.ApplicationInsights.Extensibility.Web.RequestTracking.TelemetryModules.WebSessionTrackingTelemetryModule, Microsoft.ApplicationInsights.Extensibility.Web" />
<Add Type="Microsoft.ApplicationInsights.Extensibility.Web.RequestTracking.TelemetryModules.WebUserTrackingTelemetryModule, Microsoft.ApplicationInsights.Extensibility.Web" /> -->
</TelemetryModules>
<ContextInitializers>
<Add Type="Microsoft.ApplicationInsights.Extensibility.BuildInfoConfigComponentVersionContextInitializer, Microsoft.ApplicationInsights" />
<Add Type="Microsoft.ApplicationInsights.Extensibility.DeviceContextInitializer, Microsoft.ApplicationInsights" />
<Add Type="Microsoft.ApplicationInsights.Extensibility.MachineNameContextInitializer, Microsoft.ApplicationInsights" />
<Add Type="Microsoft.ApplicationInsights.Extensibility.Web.AzureRoleEnvironmentContextInitializer, Microsoft.ApplicationInsights.Extensibility.Web" />
</ContextInitializers>
<TelemetryInitializers>
<Add Type="Microsoft.ApplicationInsights.Extensibility.Web.TelemetryInitializers.WebOperationNameTelemetryInitializer, Microsoft.ApplicationInsights.Extensibility.Web" />
<Add Type="Microsoft.ApplicationInsights.Extensibility.Web.TelemetryInitializers.WebOperationIdTelemetryInitializer, Microsoft.ApplicationInsights.Extensibility.Web" />
<Add Type="Microsoft.ApplicationInsights.Extensibility.Web.TelemetryInitializers.WebUserTelemetryInitializer, Microsoft.ApplicationInsights.Extensibility.Web" />
<Add Type="Microsoft.ApplicationInsights.Extensibility.Web.TelemetryInitializers.WebSessionTelemetryInitializer, Microsoft.ApplicationInsights.Extensibility.Web" />
</TelemetryInitializers>
</ApplicationInsights>I'm not sure if we have a documentation about this somewhere yet. But your guess was right. You can remove 2 modules and AI will not read and set cookies.
Another option is to disable cookie setting but not reading. You would want this if you have JS SDK that sets cookies and you want Web SDK to read it and apply to server telemetry types.
<Add Type="Microsoft.ApplicationInsights.Extensibility.Web.RequestTracking.TelemetryModules.WebSessionTrackingTelemetryModule, Microsoft.ApplicationInsights.Extensibility.Web" >
<SetCookie>false</SetCookie>
</Add>
There are also 2 telemetry initializers for user and session. They take session and user from RequestTelemetry that was created by WebSdk and initialized in that modules and apply same session to other telemetry types like events and exceptions. If you cut
modules you can cut telemetry initializers as well.
Anastasia -
Is Flex Session Tracking browser compatible?
I have implemented Flex Session Tracking it works fine with
Internet Explorwer browser but it does not work with Mozilla? Is it
not browser compatible?Is it possible for you to send me your session tracking
codes, bcoz im also doing session tracking.
thanks -
What is session tracking in servlets?
Hi ,
I'm studying servlets I don't have the clear idea about session tracking and Why and where we need to use it. Can any one say about this.....
Thanks in advance,
Maheshwaran DevarajWell Mheshpmr session tracking in servlets is very important...There are a number of problems that arise from the fact that HTTP is a "stateless" protocol. In particular, when you are doing on-line shopping, it is a real annoyance that the Web server can't easily remember previous transactions. This makes applications like shopping carts very problematic: when you add an entry to your cart, how does the server know what's already in your cart? Even if servers did retain contextual information, you'd still have problems with e-commerce. When you move from the page where you specify what you want to buy (hosted on the regular Web server) to the page that takes your credit card number and shipping address (hosted on the secure server that uses SSL), now let me tell you, how does the server remember what you were buying?
Well There are three typical solutions to this problem.
1. Cookies. You can use HTTP cookies to store information about a shopping session, and each subsequent connection can look up the current session and then extract information about that session from some location on the server machine. This is an excellent alternative, and is the most widely used approach. However, even though servlets have a high-level and easy-to-use interface to cookies, there are still a number of relatively tedious details that need to be handled:
* Extracting the cookie that stores the session identifier from the other cookies (there may be many, after all),
* Setting an appropriate expiration time for the cookie (sessions interrupted by 24 hours probably should be reset), and
* Associating information on the server with the session identifier (there may be far too much information to actually store it in the cookie, plus sensitive data like credit card numbers should never go in cookies).
2. URL Rewriting. You can append some extra data on the end of each URL that identifies the session, and the server can associate that session identifier with data it has stored about that session. This is also an excellent solution, and even has the advantage that it works with browsers that don't support cookies or where the user has disabled cookies. However, it has most of the same problems as cookies, namely that the server-side program has a lot of straightforward but tedious processing to do. In addition, you have to be very careful that every URL returned to the user (even via indirect means like Location fields in server redirects) has the extra information appended. And, if the user leaves the session and comes back via a bookmark or link, the session information can be lost.
3. Hidden form fields. HTML forms have an entry that looks like the following: <INPUT TYPE="HIDDEN" NAME="session" VALUE="...">. This means that, when the form is submitted, the specified name and value are included in the GET or POST data. This can be used to store information about the session. However, it has the major disadvantage that it only works if every page is dynamically generated, since the whole point is that each session has a unique identifier.
Servlets provide an outstanding technical solution: the HttpSession API. This is a high-level interface built on top of cookies or URL-rewriting. In fact, on many servers, they use cookies if the browser supports them, but automatically revert to URL-rewriting when cookies are unsupported or explicitly disabled. But the servlet author doesn't need to bother with many of the details, doesn't have to explicitly manipulate cookies or information appended to the URL, and is automatically given a convenient place to store data that is associated with each session. -
hi
i am a newbie to j2ee. i am currently learning about session tracking in Servlets. i have written a simple program.
this is what its supposed to do:
FirstNameSessionServlet page
accept the first name of the user
submit
LastNameSessionServlet page
it shows the firstname name
show session id
accept the last name of the user
submit
FirstandLastNameSessionServlet page
show the first name
show the last name
show session id
show session attibutenames
FirstNameSessionServlet page output:
first name: textbox
submit
i enter abc into the textbox and click submit
LastNameSessionServlet
Your First Name is : abc(getParameter method used)
Your First Name is : null(getSession method used)
session id: CDFEBEEC7D599C70359AE52DBD1EAAEE session getLastAccessedTime1180087277281
last name textbox
submit
i enter def into the textbox and click submit
FirstandLastNameSessionServlet output page
your first name is: null
your last name is: def
session id: CDFEBEEC7D599C70359AE52DBD1EAAEE
session tracked success
i can't understand the use of getAttribute(); Can anybody please tell my why getAttribute(); is returning null when i am trying to access the firstname variable through this method. what am i doing wrong? thanx for your help
shankha
here is my code
FirstNameSessionServlet.java
[//FirstNameSessionServlet.java
package myname;
import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class FirstNameSessionServlet extends HttpServlet{
public void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException
doPost(req, res);
public void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException
res.setContentType("text/html");
PrintWriter pw=res.getWriter();
pw.println("<html><body>");
pw.println("<form action='/contentnames/uti/LastNameSessionServletpath' method='post'>");
pw.println("<p>First Name: <input type='text' name = 'firstname'></p>");
pw.println("<p><input type='submit' value='Enter'></p>");
String firstname= req.getParameter("firstname");
HttpSession sess = req.getSession(true);
sess.setAttribute("firstname",firstname);
pw.println("</form></body></html>");
pw.close();
LastNameSessionServlet.java
LastNameSessionServlet.java
//LastNameSessionServlet.java
package myname;
import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class LastNameSessionServlet extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException
doPost(req, res);
public void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException
res.setContentType("text/html");
PrintWriter pw=res.getWriter();
pw.println("<html><body>");
pw.println("<form action='/contentnames/uti/FirstandLastNameSessionServletpath' method='post'>");
String firstname= req.getParameter("firstname");
int attrib=1;
HttpSession sess = req.getSession();
String firstnamesession = (String) sess.getAttribute("firstname");
req.setAttribute("firstname", firstname);
req.setAttribute("firstnamesession",firstnamesession);
//req.setAttribute("firstname",firstname);
pw.println("<p>Your First Name is : "+firstname+"(getParameter method used)</p>");
pw.println("<p>Your First Name is : "+firstnamesession+"(getSession method used)</p><br><br><br>");
pw.println("session id: "+sess.getId());
pw.println("session getLastAccessedTime"+sess.getLastAccessedTime());
Enumeration names = sess.getAttributeNames();
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
Object value = sess.getAttribute(name);
pw.println("<p>name=" + name + " value=" + value+"</p><br>");
pw.println("<p>Last Name: <input type='text' name='lastname'></p>");
pw.println("<p><input type='submit' value='Enter'></p>");
// HttpSession sesslast = req.getSession();
// sesslast.setAttribute("lastname","lastname");
pw.println("</form></body></html>");
pw.close();
FirstandLastNameSessionServlet.java
//FirstandLastNameSessionServlet.java
package myname;
import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class FirstandLastNameSessionServlet extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException
doPost(req, res);
public void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException
res.setContentType("text/html");
PrintWriter pw=res.getWriter();
pw.println("<html><body>");
HttpSession sess = req.getSession(true);
String firstname = (String)sess.getAttribute("firstname");
//String lastname = (String) sess.getAttribute("lastname");
String lastname = req.getParameter("lastname");
pw.println("<p>your first name is: "+firstname+"<br>");
pw.println("your last name is: "+lastname+"</p><br><br><br>");
Enumeration names = sess.getAttributeNames();
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
Object value = sess.getAttribute(name);
pw.println("<p>name=" + name + " value=" + value);
pw.println("session id: "+ sess.getId());
pw.println("<h1>session tracked success</h1>");
pw.println("</body></html>");
pw.close();
}Your understanding of the flow seems to be a little flawed.
When you first open the FirstNameSessionServlet, you get the textbox asking for the firstname:
>
FirstNameSessionServlet.java
[public void doPost(HttpServletRequest req,
HttpServletResponse res) throws IOException,
ServletException
res.setContentType("text/html");
PrintWriter pw=res.getWriter();
pw.println("<html><body>");
pw.println("<form
m
action='/contentnames/uti/LastNameSessionServletpath'
method='post'>");
pw.println("<p>First Name: <input type='text'
' name = 'firstname'></p>");
pw.println("<p><input type='submit'
' value='Enter'></p>");//The running of the code till this point generates the HTML page, but your servlet is not done yet! Think of it as a function that till now, has printed some output ( the output being HTML code and the destination being the broswer ); but the function has not finished executing yet:
String firstname= req.getParameter("firstname");
HttpSession sess = req.getSession(true);
sess.setAttribute("firstname",firstname);
// Now, the immediately preceding part of your code creates a string and tries to put the value of the request parameter firstname into it and then put that string into the session object. But guess what? Your application has only just started running, this is your first page and there is no parameter in the request object with this name! This part of the code should come in the next servlet.
pw.println("</form></body></html>");
pw.close();
LastNameSessionServlet.java
String firstname=
= req.getParameter("firstname");// This time, req.getParameter() will work since you submitted the last form which had a textbox with this name, you'll get the contents of that box.
int attrib=1;
HttpSession sess = req.getSession();
String firstnamesession = (String)
) sess.getAttribute("firstname");//In the last servlet, you put in this parameter, but the value was null for reasons explained above.
HttpSession sesslast = req.getSession();
sesslast.setAttribute("lastname","lastname");
//Again, you will get null for lastname if you tried to access it from the request object since you only just created the field with that name and you would be trying to access it within the same servlet.
pw.println("</form></body></html>");
pw.close();
FirstandLastNameSessionServlet.java
HttpSession sess = req.getSession(true);
String firstname =
= (String)sess.getAttribute("firstname");//this will still not work since you never put a correct value in the session object ( should have done after req.getParameter("firstname") in the second servlet )
Maybe you are looking for
-
The geo-fence in Reminders doesn't work on my 4S since ios7.
The geo-fence in Reminders doesn't work on my 4S since ios7. Any reminders I put in as remind me at a location do not work. Location services are turned on. Maps work fine & show my location. Reminders are turned on in location services & I see t
-
Can i turn off 4g and go back to 3g?
i upgraded and shouldn't have. battery life *****. i want to go back to 3g. can i downgrade back to 3g or turn off the 4g for 3g somehow? i don't see how to? or could i uninstall ios5 for the previous version? i have a 4s.
-
How to add a poll to your website?
How do you add a poll to your website? Also how do get music to play continuesly? *Either answer would be helpful!* ,Thank You
-
Bill Cosby has admitted https://www.reddit.com/3cfx1r https://www.reddit.com/3cfxoo https://www.reddit.com/3cfyhx https://www.reddit.com/3cfz7w https://www.reddit.com/3cfzxf
-
The connection was reset The connection to the server was reset while the page was loading. * The site could be temporarily unavailable or too busy. Try again in a few moments. * If you are unable to load any pages, check your computer's network conn