Java/Servlets/Session
Содержание
- 1 Fake session
- 2 Map adaptor for HttpSession objects
- 3 Servlet: session attribute listener
- 4 Servlet: Session bind listener
- 5 Servlet: Session display
- 6 Session Creation and Last-Accessed Time
- 7 Servlet Session Example
- 8 Servlet : session filter
- 9 Servlet: session listener
- 10 Servlet: simple session
- 11 Session Info
- 12 Session Events: implements HttpSessionBindingListener
- 13 Session Expiration Filter
- 14 Session logger
- 15 Session Tracker
- 16 Session Details
Fake session
<source lang="java">
/*
* Copyright 2005 Joe Walker * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */
import java.util.Collections; import java.util.Enumeration; import java.util.HashMap; import java.util.Map; import javax.servlet.ServletContext; import javax.servlet.http.HttpSession;
/**
* For the benefit of anyone that wants to create a fake HttpSession * that doesn"t do anything other than not be null. * @author Joe Walker [joe at getahead dot ltd dot uk] */
public class FakeHttpSession implements HttpSession {
/** * Setup the creation time */ public FakeHttpSession() { creationTime = System.currentTimeMillis(); } /** * Setup the creation time * @param id The new session id */ public FakeHttpSession(String id) { this.id = id; creationTime = System.currentTimeMillis(); } /* (non-Javadoc) * @see javax.servlet.http.HttpSession#getCreationTime() */ public long getCreationTime() { return creationTime; } /* (non-Javadoc) * @see javax.servlet.http.HttpSession#getId() */ public String getId() { if (id == null) { System.out.println("Inventing data in FakeHttpSession.getId() to remain plausible."); id = "fake"; } return id; } /* (non-Javadoc) * @see javax.servlet.http.HttpSession#getLastAccessedTime() */ public long getLastAccessedTime() { return creationTime; } /* (non-Javadoc) * @see javax.servlet.http.HttpSession#getServletContext() */ public ServletContext getServletContext() { return null; } /* (non-Javadoc) * @see javax.servlet.http.HttpSession#setMaxInactiveInterval(int) */ public void setMaxInactiveInterval(int maxInactiveInterval) { this.maxInactiveInterval = maxInactiveInterval; } /* (non-Javadoc) * @see javax.servlet.http.HttpSession#getMaxInactiveInterval() */ public int getMaxInactiveInterval() { return maxInactiveInterval; } /** * @see javax.servlet.http.HttpSession#getSessionContext() * @deprecated */ @SuppressWarnings({"UnnecessaryFullyQualifiedName"}) @Deprecated public javax.servlet.http.HttpSessionContext getSessionContext() { return null; } /* (non-Javadoc) * @see javax.servlet.http.HttpSession#getAttribute(java.lang.String) */ public Object getAttribute(String name) { return attributes.get(name); } /* (non-Javadoc) * @see javax.servlet.http.HttpSession#getValue(java.lang.String) */ @Deprecated public Object getValue(String name) { return attributes.get(name); } /* (non-Javadoc) * @see javax.servlet.http.HttpSession#getAttributeNames() */ public Enumeration<String> getAttributeNames() { return Collections.enumeration(attributes.keySet()); } /* (non-Javadoc) * @see javax.servlet.http.HttpSession#getValueNames() */ @Deprecated public String[] getValueNames() { return attributes.keySet().toArray(new String[attributes.keySet().size()]); } /* (non-Javadoc) * @see javax.servlet.http.HttpSession#setAttribute(java.lang.String, java.lang.Object) */ public void setAttribute(String name, Object value) { attributes.put(name, value); } /* (non-Javadoc) * @see javax.servlet.http.HttpSession#putValue(java.lang.String, java.lang.Object) */ @Deprecated public void putValue(String name, Object value) { attributes.put(name, value); } /* (non-Javadoc) * @see javax.servlet.http.HttpSession#removeAttribute(java.lang.String) */ public void removeAttribute(String name) { attributes.remove(name); } /* (non-Javadoc) * @see javax.servlet.http.HttpSession#removeValue(java.lang.String) */ @Deprecated public void removeValue(String name) { attributes.remove(name); } /* (non-Javadoc) * @see javax.servlet.http.HttpSession#invalidate() */ public void invalidate() { } /* (non-Javadoc) * @see javax.servlet.http.HttpSession#isNew() */ public boolean isNew() { return true; } /** * The session id */ private String id = null; /** * The list of attributes */ private Map<String, Object> attributes = new HashMap<String, Object>(); /** * When were we created */ private long creationTime; /** * How long before we timeout? */ private int maxInactiveInterval = 30 * 60 * 1000;
}
</source>
Map adaptor for HttpSession objects
<source lang="java">
/*
* Copyright 2004-2005 Malcolm A. Edgar * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */
import java.util.Collection; import java.util.Collections; import java.util.Enumeration; import java.util.HashSet; import java.util.Iterator; import java.util.Map; import java.util.Set; import javax.servlet.http.HttpSession; /**
* Provides a Map adaptor for HttpSession objects. A SessionMap instance is
* available in each Velocity page using the name "session".
* <p/>
* For example suppose we have a User object in the session with the
* attribute name "user" when a user is logged on. We can display the users
* name in the page when the are logged onto the system.
*
* * <span class="red">#if</span> (<span class="blue">$session</span>.user) * <span class="blue">$session</span>.user.fullname you are logged on. * <span class="red">#else</span> * You are not logged on. * <span class="red">#end</span>
* * The ClickServlet adds a SessionMap instance to the Velocity Context before * it is merged with the page template. * <p/> * The SessionMap supports {@link FlashAttribute} which when accessed via * {@link #get(Object)} are removed from the session. * * @author Malcolm.Edgar */
public class SessionMap implements Map {
/** The internal session attribute. */ protected HttpSession session; /** * Create a HttpSession Map adaptor. * * @param value the http session */ public SessionMap(HttpSession value) { session = value; } /** * @see java.util.Map#size() */ public int size() { if (session != null) { int size = 0; Enumeration enumeration = session.getAttributeNames(); while (enumeration.hasMoreElements()) { enumeration.nextElement(); size++; } return size; } else { return 0; } } /** * @see java.util.Map#isEmpty() */ public boolean isEmpty() { return size() == 0; } /** * @see java.util.Map#containsKey(Object) */ public boolean containsKey(Object key) { if (session != null && key != null) { return session.getAttribute(key.toString()) != null; } else { return false; } } /** * This method is not supported and will throw * UnsupportedOperationException if invoked. * * @see java.util.Map#containsValue(Object) */ public boolean containsValue(Object value) { throw new UnsupportedOperationException(); } /** * If the stored object is a FlashObject this method will return the * FlashObject value and then remove it from the session. * * @see java.util.Map#get(Object) */ public Object get(Object key) { if (session != null && key != null) { Object object = session.getAttribute(key.toString()); if (object instanceof FlashAttribute) { FlashAttribute flashObject = (FlashAttribute) object; object = flashObject.getValue(); session.removeAttribute(key.toString()); } return object; } else { return null; } } /** * @see java.util.Map#put(Object, Object) */ public Object put(Object key, Object value) { if (session != null && key != null) { Object out = session.getAttribute(key.toString()); session.setAttribute(key.toString(), value); return out; } else { return null; } } /** * @see java.util.Map#remove(Object) */ public Object remove(Object key) { if (session != null && key != null) { Object out = session.getAttribute(key.toString()); session.removeAttribute(key.toString()); return out; } else { return null; } } /** * @see java.util.Map#putAll(Map) */ public void putAll(Map map) { if (session != null && map != null) { for (Iterator i = map.entrySet().iterator(); i.hasNext();) { Map.Entry entry = (Map.Entry) i.next(); String key = entry.getKey().toString(); Object value = entry.getValue(); session.setAttribute(key, value); } } } /** * @see java.util.Map#clear() */ public void clear() { if (session != null) { Enumeration enumeration = session.getAttributeNames(); while (enumeration.hasMoreElements()) { String name = enumeration.nextElement().toString(); session.removeAttribute(name); } } } /** * @see java.util.Map#keySet() */ public Set keySet() { if (session != null) { Set keySet = new HashSet(); Enumeration enumeration = session.getAttributeNames(); while (enumeration.hasMoreElements()) { keySet.add(enumeration.nextElement()); } return keySet; } else { return Collections.EMPTY_SET; } } /** * This method is not supported and will throw * UnsupportedOperationException if invoked. * * @see java.util.Map#values() */ public Collection values() { throw new UnsupportedOperationException(); } /** * @see java.util.Map#entrySet() */ public Set entrySet() { if (session != null) { Set entrySet = new HashSet(); Enumeration enumeration = session.getAttributeNames(); while (enumeration.hasMoreElements()) { String name = enumeration.nextElement().toString(); Object value = session.getAttribute(name); entrySet.add(value); } return entrySet; } else { return Collections.EMPTY_SET; } }
}
</source>
Servlet: session attribute listener
<source lang="java">
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSessionAttributeListener; import javax.servlet.http.HttpSessionBindingEvent; public class SessionAttribListen implements HttpSessionAttributeListener {
/** Creates new SessionAttribListen */ public SessionAttribListen() { System.out.println(getClass().getName()); } public void attributeAdded(HttpSessionBindingEvent se) { HttpSession session = se.getSession(); String id = session.getId(); String name = se.getName(); String value = (String) se.getValue(); String source = se.getSource().getClass().getName(); String message = new StringBuffer("Attribute bound to session in ") .append(source).append("\nThe attribute name: ").append(name) .append("\n").append("The attribute value:").append(value) .append("\n").append("The session ID: ").append(id).toString(); System.out.println(message); } public void attributeRemoved(HttpSessionBindingEvent se) { HttpSession session = se.getSession(); String id = session.getId(); String name = se.getName(); if (name == null) name = "Unknown"; String value = (String) se.getValue(); String source = se.getSource().getClass().getName(); String message = new StringBuffer("Attribute unbound from session in ") .append(source).append("\nThe attribute name: ").append(name) .append("\n").append("The attribute value: ").append(value) .append("\n").append("The session ID: ").append(id).toString(); System.out.println(message); } public void attributeReplaced(HttpSessionBindingEvent se) { String source = se.getSource().getClass().getName(); String message = new StringBuffer("Attribute replaced in session ") .append(source).toString(); System.out.println(message); }
}
</source>
Servlet: Session bind listener
<source lang="java">
import java.util.HashMap; import java.util.Map; import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSessionBindingEvent; import javax.servlet.http.HttpSessionBindingListener; public class SessionBindListen implements HttpSessionBindingListener {
private Map info; /** Creates new SessionBindListen */ public SessionBindListen() { //zero-arg constructor info = new HashMap(); } public void valueBound(HttpSessionBindingEvent be) { HttpSession session = be.getSession(); String id = session.getId(); String name = be.getName(); Object value = be.getValue(); String source = be.getSource().getClass().getName(); String message = new StringBuffer("Attribute bound to session in ") .append(source).append("\nThe attribute name: ").append(name) .append("\n").append("The attribute value: ").append(value) .append("\n").append("The session id: ").append(id).toString(); System.out.println(message); } public void valueUnbound(HttpSessionBindingEvent be) { HttpSession session = be.getSession(); String id = session.getId(); String name = be.getName(); if (name == null) name = "Unknown"; String source = be.getSource().getClass().getName(); String message = new StringBuffer("Attribute unbound from session in ") .append(source).append("\nThe attribute name: ").append(name) .append("\n").append("The session id: ").append(id).toString(); //clear Map; send message info.clear(); System.out.println(message + "\nThe size of the HashMap is: " + info.size()); } public void addInfo(String name, String email) { info.put(email, name); }
}
</source>
Servlet: Session display
<source lang="java">
import java.text.DateFormat; import java.util.Date; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; public class SessionDisplay extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, java.io.IOException { response.setContentType("text/html"); java.io.PrintWriter out = response.getWriter(); HttpSession session = request.getSession(); Date creationTime = new Date(session.getCreationTime()); Date lastAccessed = new Date(session.getLastAccessedTime()); Date now = new Date(); DateFormat formatter = DateFormat.getDateTimeInstance( DateFormat.MEDIUM, DateFormat.MEDIUM); out.println("<html>"); out.println("<head>"); out.println("<title>Displaying the Session Creation and Last-Accessed Time</title>"); out.println("</head>"); out.println("<body>");out.println("
Session Creation and Last-Accessed Time
");out.println("The time and date now is: " + formatter.format(now) + "
"); out.println("The session creation time: HttpSession.getCreationTime( ): " + formatter.format(creationTime) + "
"); out.println("The last time the session was accessed: HttpSession.getLastAccessedTime( ): " + formatter.format(lastAccessed)); out.println("</body>"); out.println("</html>"); }
}
</source>
Servlet Session Example
<source lang="java">
/*
* Copyright 2004 The Apache Software Foundation * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */
/* $Id: SessionExample.java,v 1.4 2004/03/18 16:40:33 jfarcand Exp $
* */
import java.io.*; import java.text.*; import java.util.*; import javax.servlet.*; import javax.servlet.http.*; /**
* Example servlet showing request headers * * @author James Duncan Davidson <duncan@eng.sun.ru> */
public class SessionExample extends HttpServlet {
ResourceBundle rb = ResourceBundle.getBundle("LocalStrings"); public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<html>"); out.println("<body bgcolor=\"white\">"); out.println("<head>"); String title = rb.getString("sessions.title"); out.println("<title>" + title + "</title>"); out.println("</head>"); out.println("<body>"); // img stuff not req"d for source code html showing // relative links everywhere! // XXX // making these absolute till we work out the // addition of a PathInfo issue out.println(""); out.println("</body>"); out.println("</html>"); out.println("</body>"); out.println("</html>"); } public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { doGet(request, response); }
} /*
* Copyright 2004 The Apache Software Foundation * * Licensed under the Apache License, Version 2.0 (the "License"); you may not * use this file except in compliance with the License. You may obtain a copy of * the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the * License for the specific language governing permissions and limitations under * the License. */
/**
* HTML filter utility. * * @author Craig R. McClanahan * @author Tim Tye * @version $Revision: 1.2 $ $Date: 2004/03/18 16:40:34 $ */
final class HTMLFilter {
/** * Filter the specified message string for characters that are sensitive in * HTML. This avoids potential attacks caused by including JavaScript codes * in the request URL that is often reported in error messages. * * @param message * The message string to be filtered */ public static String filter(String message) { if (message == null) return (null); char content[] = new char[message.length()]; message.getChars(0, message.length(), content, 0); StringBuffer result = new StringBuffer(content.length + 50); for (int i = 0; i < content.length; i++) { switch (content[i]) { case "<": result.append("<"); break; case ">": result.append(">"); break; case "&": result.append("&"); break; case """: result.append("""); break; default: result.append(content[i]); } } return (result.toString()); }
}
</source>
Servlet : session filter
<source lang="java">
import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; public class SessionFilter implements Filter {
private FilterConfig config; /** Creates new SessionFilter */ public SessionFilter() { } public void init(FilterConfig filterConfig) throws ServletException { System.out.println("Instance created of " + getClass().getName()); this.config = filterConfig; } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws java.io.IOException, ServletException { HttpSession session = ((HttpServletRequest) request).getSession(); ServletContext context = config.getServletContext(); /* * use the ServletContext.log method to log filter messages */ context.log("doFilter called in: " + config.getFilterName() + " on " + (new java.util.Date())); // log the session ID context.log("session ID: " + session.getId()); // Find out whether the logged-in session attribute is set String logged = (String) session.getAttribute("logged-in"); if (logged == null) session.setAttribute("logged-in", "no"); //log a message about the log-in status context.log("log-in status: " + (String) session.getAttribute("logged-in")); context.log(""); chain.doFilter(request, response); } public void destroy() { /* * called before the Filter instance is removed from service by the web * container */ }
}
</source>
Servlet: session listener
<source lang="java">
import java.util.Date; import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSessionEvent; import javax.servlet.http.HttpSessionListener; public class SessionListen implements HttpSessionListener {
private int sessionCount; public SessionListen() { this.sessionCount = 0; } public void sessionCreated(HttpSessionEvent se) { HttpSession session = se.getSession(); session.setMaxInactiveInterval(60); synchronized (this) { sessionCount++; } String id = session.getId(); Date now = new Date(); String message = new StringBuffer("New Session created on ").append( now.toString()).append("\nID: ").append(id).append("\n") .append("There are now ").append("" + sessionCount).append( " live sessions in the application.").toString(); System.out.println(message); } public void sessionDestroyed(HttpSessionEvent se) { HttpSession session = se.getSession(); String id = session.getId(); synchronized (this) { --sessionCount; } String message = new StringBuffer("Session destroyed" + "\nValue of destroyed session ID is").append("" + id).append( "\n").append("There are now ").append("" + sessionCount) .append(" live sessions in the application.").toString(); System.out.println(message); }
}
</source>
Servlet: simple session
<source lang="java">
import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; public class SimpleSession extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, java.io.IOException { response.setContentType("text/html"); java.io.PrintWriter out = response.getWriter(); HttpSession session = request.getSession(); out.println("<html>"); out.println("<head>"); out.println("<title>Simple Session Tracker</title>"); out.println("</head>"); out.println("<body>");out.println("
Session Info
");out.println("session Id: " + session.getId() + "
"); out.println("The SESSION TIMEOUT period is " + session.getMaxInactiveInterval() + " seconds.
"); out.println("Now changing it to 20 minutes.
"); session.setMaxInactiveInterval(20 * 60); out.println("The SESSION TIMEOUT period is now " + session.getMaxInactiveInterval() + " seconds."); out.println("</body>"); out.println("</html>"); } /** * Handles the HTTPPOST
method. * * @param request * servlet request * @param response * servlet response */ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, java.io.IOException { doGet(request, response); }
}
</source>
Session Events: implements HttpSessionBindingListener
<source lang="java">
import java.io.IOException; import java.io.PrintWriter; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSessionBindingEvent; import javax.servlet.http.HttpSessionBindingListener; public class Binder extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { resp.setContentType("text/html"); PrintWriter out = resp.getWriter(); HttpSession session = req.getSession(true); SessionObject o = new SessionObject(getServletContext()); session.setAttribute("Binder.object", o); out.println("<html>"); out.println("<head>"); out.println("<title>Session Binder</title>"); out.println("</head>"); out.println("<body>"); out.println("Object bound to session " + session.getId()); out.println("</body>"); out.println("</html>"); out.flush(); }
} class SessionObject implements HttpSessionBindingListener {
ServletContext context; public SessionObject(ServletContext context) { this.context = context; } public void valueBound(HttpSessionBindingEvent event) { context.log("" + (new java.util.Date()) + " Binding " + event.getName() + " to session " + event.getSession().getId()); } public void valueUnbound(HttpSessionBindingEvent event) { context.log("" + (new java.util.Date()) + " Unbinding " + event.getName() + " from session " + event.getSession().getId()); }
}
</source>
Session Expiration Filter
<source lang="java">
/*
************************************************************************************ * Copyright (C) 2008-2009 Openbravo S.L. * Licensed under the Apache Software License version 2.0 * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 * Unless required by applicable law or agreed to in writing, software distributed * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR * CONDITIONS OF ANY KIND, either express or implied. See the License for the * specific language governing permissions and limitations under the License. ************************************************************************************ */
import java.io.IOException; import java.util.Date; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; public class SessionExpirationFilter implements Filter {
public void init(FilterConfig config) { } public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { HttpServletRequest hReq = (HttpServletRequest) req; HttpSession session = hReq.getSession(false); if (null != session) { Date expirationDate = (Date) session.getAttribute("expirationDate"); if (expirationDate == null) expirationDate = new Date(System.currentTimeMillis() + 1000000); // only // for // make // false // "expirationDate.before(new Date())" // in // the // first // execution if (expirationDate.before(new Date())) { session.invalidate(); session = null; } else { // ignore requests marked as both ajaxCall and ignoreForSessionTimeout String isAjaxCall = hReq.getParameter("IsAjaxCall"); String ignoreForSessionTimeout = hReq.getParameter("ignoreForSessionTimeout"); boolean ignoreForTimeout = "1".equals(isAjaxCall) && ("1".equals(ignoreForSessionTimeout)); if (ignoreForTimeout) { // Do nothing; don"t update the session timestamp } else { session.setAttribute("expirationDate", new Date(System.currentTimeMillis() + session.getMaxInactiveInterval() * 1000)); } } } chain.doFilter(req, resp); } public void destroy() { }
}
</source>
Session logger
<source lang="java">
//Log4j from Apache is required
import org.apache.log4j.Logger; import org.apache.log4j.PropertyConfigurator; import javax.servlet.*; import javax.servlet.http.*; public class SessionLogger implements HttpSessionListener {
private Logger log; public SessionLogger() { /* * The loggers are typically initialized by a special initialization * listener or servlet. If this is not the case, then initialize the * logger here: * * java.util.ResourceBundle bundle = java.util.ResourceBundle.getBundle( * "com.jexp.global"); * PropertyConfigurator.configure(bundle.getString( * "log-configure-path")); */ log = Logger.getLogger(SessionLogger.class); } public void sessionCreated(HttpSessionEvent se) { //log request of the INFO level log.info("HttpSession created: " + se.getSession().getId()); } public void sessionDestroyed(HttpSessionEvent se) { //log request about session"s that are invalidated log.info("HttpSession invalidated: " + se.getSession().getId()); }
}
</source>
Session Tracker
<source lang="java">
import java.io.PrintWriter; import java.io.IOException; import java.util.Date; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; public class SessionTracker extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res)throws ServletException, IOException { res.setContentType("text/html"); PrintWriter out = res.getWriter(); HttpSession session = req.getSession(true); Integer count = (Integer) session.getAttribute("count"); if (count == null) { count = new Integer(1); } else { count = new Integer(count.intValue() + 1); } session.setAttribute("count", count); out.println("<html><head><title>SessionSnoop</title></head>");out.println("<body>
Session Details
");out.println("You"ve visited this page " + count + ((count.intValue()== 1) ? " time." : " times.") + "out.println("
");
Details of this session:
");out.println("Session id: " + session.getId() + "
"); out.println("New session: " + session.isNew() + "
"); out.println("Timeout: " + session.getMaxInactiveInterval() + "
"); out.println("Creation time: " + new Date(session.getCreationTime()) + "
"); out.println("Last access time: " + new Date(session.getLastAccessedTime()) + "
"); out.println("</body></html>"); }
}
</source>
Use cookie to save session data
<source lang="java">
import java.io.IOException; import java.io.PrintWriter; import java.io.UnsupportedEncodingException; import java.net.URLEncoder; import javax.servlet.ServletException; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ShoppingCartViewerCookie extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { res.setContentType("text/html"); PrintWriter out = res.getWriter(); String sessionid = null; Cookie[] cookies = req.getCookies(); if (cookies != null) { for (int i = 0; i < cookies.length; i++) { if (cookies[i].getName().equals("sessionid")) { sessionid = cookies[i].getValue(); break; } } } // If the session ID wasn"t sent, generate one. // Then be sure to send it to the client with the response. if (sessionid == null) { sessionid = generateSessionId(); Cookie c = new Cookie("sessionid", sessionid); res.addCookie(c); } out.println("<HEAD><TITLE>Current Shopping Cart Items</TITLE></HEAD>"); out.println("<BODY>"); // Cart items are associated with the session ID String[] items = getItemsFromCart(sessionid); // Print the current cart items. out.println("You currently have the following items in your cart:out.println("
"); if (items == null) { out.println("None"); } else {
- ");
for (int i = 0; i < items.length; i++) {
out.println("
- " + items[i]); } out.println("
} // Ask if they want to add more items or check out. out.println("<FORM ACTION=\"/servlet/ShoppingCart\" METHOD=POST>"); out.println("Would you like to
"); out.println("<INPUT TYPE=SUBMIT VALUE=\" Add More Items \">"); out.println("<INPUT TYPE=SUBMIT VALUE=\" Check Out \">"); out.println("</FORM>"); // Offer a help page. out.println("For help, click "); out.println("</BODY></HTML>"); } private static String generateSessionId() throws UnsupportedEncodingException { String uid = new java.rmi.server.UID().toString(); // guaranteed unique return URLEncoder.encode(uid,"UTF-8"); // encode any special chars } private static String[] getItemsFromCart(String sessionid) { return new String[]{"a","b"}; }
}
</source>
<source lang="java">
import java.io.IOException; import java.io.PrintWriter; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ShoppingCartViewerHidden extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { res.setContentType("text/html"); PrintWriter out = res.getWriter(); out.println("<HEAD><TITLE>Current Shopping Cart Items</TITLE></HEAD>"); out.println("<BODY>"); // Cart items are passed in as the item parameter. String[] items = req.getParameterValues("item"); // Print the current cart items. out.println("You currently have the following items in your cart:out.println("
"); if (items == null) { out.println("None"); } else {
- ");
for (int i = 0; i < items.length; i++) {
out.println("
- " + items[i]); } out.println("
} // Ask if the user wants to add more items or check out. // Include the current items as hidden fields so they"ll be passed on. out.println("<FORM ACTION=\"/servlet/ShoppingCart\" METHOD=POST>"); if (items != null) { for (int i = 0; i < items.length; i++) { out.println("<INPUT TYPE=HIDDEN NAME=\"item\" VALUE=\"" + items[i] + "\">"); } } out.println("Would you like to
"); out.println("<INPUT TYPE=SUBMIT VALUE=\" Add More Items \">"); out.println("<INPUT TYPE=SUBMIT VALUE=\" Check Out \">"); out.println("</FORM>"); out.println("</BODY></HTML>"); }
}
</source>
Use URL rewrite to save session data
<source lang="java">
import java.io.IOException; import java.io.PrintWriter; import java.io.UnsupportedEncodingException; import java.net.URLEncoder; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ShoppingCartViewerRewrite extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { res.setContentType("text/html"); PrintWriter out = res.getWriter(); out.println("<HEAD><TITLE>Current Shopping Cart Items</TITLE></HEAD>"); out.println("<BODY>"); // Get the current session ID, or generate one if necessary String sessionid = req.getPathInfo(); if (sessionid == null) { sessionid = generateSessionId(); } // Cart items are associated with the session ID String[] items = getItemsFromCart(sessionid); // Print the current cart items. out.println("You currently have the following items in your cart:out.println("
"); if (items == null) { out.println("None"); } else {
- ");
for (int i = 0; i < items.length; i++) {
out.println("
- " + items[i]); } out.println("
} // Ask if the user wants to add more items or check out. // Include the session ID in the action URL. out.println("<FORM ACTION=\"/servlet/ShoppingCart/" + sessionid + "\" METHOD=POST>"); out.println("Would you like to
"); out.println("<INPUT TYPE=SUBMIT VALUE=\" Add More Items \">"); out.println("<INPUT TYPE=SUBMIT VALUE=\" Check Out \">"); out.println("</FORM>"); // Offer a help page. Include the session ID in the URL. out.println("For help, click "); out.println("</BODY></HTML>"); } private static String generateSessionId() throws UnsupportedEncodingException { String uid = new java.rmi.server.UID().toString(); // guaranteed unique return URLEncoder.encode(uid, "UTF-8"); // encode any special chars } private static String[] getItemsFromCart(String sessionid) { return new String[] { "a", "b" }; }
}
</source>