STABForge

Software Tech. Accelerator Blog

Session & Cookies: Effortless Multi-Page Handling

Posted on by Gokulan V S
Session


Session ManagementSession

Introduction:

In the world of Web Applications , Java Servlet is one of the best way to create a webapp.but creating a multi-page form in Java Servlets made me confuse little bit , especially when passing user input across multiple pages. When i was working on my Java project , i faced challenges like retrieving and maintaining data across two pages , each page containing 5 questions with 4 options. I confused how to retrieve the input and ensure user select atleast one of the option and answer all the 5 questions before moving to the next page. I found that session management and required attribute will help.

The Challenge : Managing Multi-Page Form Input

When designing multipage Form, we need to :
#Session store user responses across multiple pages.
#Request attribute will prevent the move on to the next page if no answer is selected
#Retrieve and process all the response at the end of the quiz.

Session Management in Java

When you visit a website and log in, the website needs to remember who you are as you navigate between different pages. This is where session management helps. It ensures that your login information, and other details are available.This ensures a seamless experience, such as keeping items in a shopping cart or maintaining account access without repeated logins. The session data is stored in a secure, encoded format (binary values) and can only be decoded by the server, enhancing security. Each time the user opens a new page, the session ID is checked to verify their identity. Sessions automatically expire after a set time or when the user logs out to prevent unauthorized access. Since session data is managed by the server, it remains secure, preventing hackers from easily stealing information. Thus, session management plays a crucial role in providing a smooth and safe browsing experience on websites.

Roles of Cookies and Security Measures

Cookies and other tracking mechanisms play a crucial role in session management, helping websites remember users and their activities. Cookies are small pieces of data stored on a user’s device by the web browser when they visit a website

1.Cookies

                          When a user logs into a website, the server generates a unique ID for that user. This unique ID is stored in a session cookie, which is assigned to the user. The purpose of this cookie is to help the website recognize the user while they browse different pages. So that the user doesn’t have to log in repeatedly while using the website. the website retrieves the login details from the session cookie, allowing the user to stay logged in. But for security reasons, this cookie is stored only for a limited time and is automatically deleted once the user logs out or closes the browser.

2.Persistent Cookies:
                   Persistent cookies remain stored on the user’s device for a longer period. Websites use persistent cookies  to remember users even after they close and reopen their browser. This allows for features like “Remember Me” checkboxes  on login pages, where users don’t have to enter their login details every time they visit the site.
3. Security Measures:

Cookies can also store anti-CSRF (Cross-Site Request Forgery) tokens.Websites use anti-CSRF tokens to prevent malicious attacks where hackers try to trick users into performing changing passwords or making transactions without their consent.

 

How to get a session?

In Java Servlets, the HttpSession interface provides a way to regulate the state/information about a user across multiple requests. It is a part of javax.servlet.http package.

Retrieving HttpSession in Servlets:

We can use the getSession() method to create a HttpSession Object.

HttpSession HS= request.getSession();

Common Methods

1.setAttribute(String name, Object value)

This associates the specified value to the specifed name in particular session.This can be used to store data that
needs to be managed across multiple requests.

HttpSession HS= request.getSession();
HS.setAttribute(“username”,”James Gosling”);

2.getAttribute(String name)

Returns the value which is associated with the specified name in the particular session. This is used to retieve
previously stored session attributes.

HttpSession HS= request.getSession();
String name= (String)HS.getAttribute(“username”);

3.removeAttribute(String name)

It removes the attribute with the specified name from the session.

HttpSession HS= request.getSession();
HS.removeAttribute(“username”);

4.invalidate()

Once the services are completed , it is necessary to destroy to de

st royth e session object.

HttpSession HS= request.getSession();
HS.invalidate();

Required Attribute:

The required attribute is used in form elements to ensure that users fill out a field before submitting the form.
It is a Boolean attribute, meaning that it does not require a value – simply adding required makes the field mandatory.

How required works:

When applied to an input field, the form cannot be submitted until the field is filled.

It works with the constraint validation API, meaning the browser automatically prevents submission if the field is left empty.

Example Usage in HTML Form:

<form action=”submit” method=”post”>
<label for=”name”>Name:</label>
<input type=”text” id=”name” name=”name” required>
<br>
<label for=”email”>Email:</label>
<input type=”email” id=”email” name=”email” required>
<br>
<input type=”submit” value=”Submit”>
</form>

Session Management: Session Management in Java | GeeksforGeeks

Required Attribute : How to use the required attribute in HTML ? | GeeksforGeeks

Check out more Blogs – Click here

Visit LinkedIn page – Click Here