About Session Management in a Web Based Enterprise Application

In a web-based application, a session starts when a client makes a request and ends when the requests cease, i.e. when the client has stopped requesting services. During this interaction between the client and the web server (which serves the client's requests), information is exchanged. This information can be the client's ID or password, any data filled in a web form, and so on. It is referred to as session state. Because web components lack persistence, it is the application's responsibility to find a way to maintain the session state.
Session state can be maintained on the client side as well as on the server. The most common techniques for storing session state on the client side are cookies, URL rewriting and hidden form fields. These techniques depend on the client machine, and the session state can be lost if the client's machine fails. To overcome these drawbacks, session state can instead be maintained on the server. We will discuss the server-side techniques later; first we will look at the client-side session management techniques.

Using cookies to maintain state is very common. A cookie is a small piece of information that is stored on the client's system and is initially generated by the web server in an HTTP response. The browser that receives this response saves the cookie on the client's machine and includes it in subsequent HTTP requests. For example, consider the following part of an HTTP response:

    HTTP/1.0 200
    <html>...</html>

The browser receiving this response will generate subsequent requests with the following part:

    GET /book/java.jsp HTTP/1.0

In the URL rewriting strategy, additional field names and values are extracted from the web form, placed into a query string and then passed as part of the URL. Consider the following case:

    <p><a href="http://www.ebooks.com/java/java1.jsp?ID=123">click here</a></p>

Here we can use two or more name and value pairs separated by &. For example, if a name is also passed in the URL above, the query string would look like:

    ?ID=123&NAME=Steven

Now we will move to the other way of maintaining session state, which is on the server side. Maintaining state on the server is more secure and reliable. This can be achieved through application state, session state or database support.

In large-scale transactions, a huge amount of data is transferred between client and server. To maintain the session state, this data must be stored for as long as the session lasts, so database support is used to handle this situation.

The other techniques for session state management use application state or session state. When the scope of the information exchanged is application-specific, i.e. the information is shared by multiple sessions of an application and does not change frequently, application state is used to store it. On the other hand, if we are dealing with information that changes frequently and every session of the application needs its own state created and maintained, session state is used. When a session object is used, a unique session ID is assigned to every session in order to differentiate between the multiple session states.
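
The server-side approach described above, as an added example that is not code from the original article: the state stays in a server-side store and the client only holds an opaque, unguessable session ID in a cookie. The cookie name SESSIONID, the 30-minute timeout and the in-memory dictionary are assumptions made for this sketch.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 1800          # assumed idle timeout, in seconds
COOKIE_NAME = "SESSIONID"   # assumed cookie name
_store = {}                 # session id -> {"data": dict, "expires": float}


def create_session(data, now=None):
    """Keep the state on the server; return (id, Set-Cookie header value)."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)       # 256 random bits from the OS CSPRNG
    _store[sid] = {"data": dict(data), "expires": now + SESSION_TTL}
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    cookie[COOKIE_NAME]["path"] = "/"
    cookie[COOKIE_NAME]["httponly"] = True   # not readable from page scripts
    cookie[COOKIE_NAME]["secure"] = True     # only sent over HTTPS
    cookie[COOKIE_NAME]["samesite"] = "Lax"
    return sid, cookie[COOKIE_NAME].OutputString()


def load_session(cookie_header, now=None):
    """Resolve a request's Cookie header to server-side state, or None."""
    now = time.time() if now is None else now
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    morsel = cookie.get(COOKIE_NAME)
    if morsel is None:
        return None
    entry = _store.get(morsel.value)
    if entry is None:                 # unknown or guessed id such as "123"
        return None
    if entry["expires"] <= now:       # idle too long: drop the state
        del _store[morsel.value]
        return None
    entry["expires"] = now + SESSION_TTL   # sliding expiry on each use
    return entry["data"]


def destroy_session(sid):
    """Invalidate the session, for example on logout."""
    _store.pop(sid, None)
```

Unlike the ?ID=123 query string, nothing the client sends here is treated as state: an ID that the server did not issue, or one that has expired, resolves to no session.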