Pseudo Sessions for JSP, Servlets and HTTP

The getValue method

This method allows you to retrieve values that you have stored in the pseudo session. Like the setValue method, this method also requires you to pass a valid session identifier. The session identifier won't be checked again for validity. The second argument is the name that the value you want to retrieve is associated with. The getValue method returns the value associated with name.

The getValue method has the following signature:

public String getValue(String sessionId, String name)

It basically finds the session text file and reads it line-by-line until it finds a match with name. When a match is found, the method returns the value; if a match is not found, it returns null.

The deleteAllInvalidSessions method

This method deletes text files associated with sessions that have expired. When the method is called depends on your application. Because an expired session text file has to be deleted when the getSessionID method is called, the deleteAllInvalidSessions method is not critical. You can, for example, write a program that runs in the background, which gets activated once a day to delete all expired session text files. However, the easiest way is to call this method at the end of a JSP file. If your site is very busy, however, the repeated call to this method would waste CPU time. You would be wise to write a background processor that calls this method every day during off-peak hours.

The signature of this method is given below.

public void deleteAllInvalidSessions()

It first reads all session text filenames into a String array called files.

File dir = new File(path); String[] files = dir.list();

It then needs to determine whether or not a session has expired by comparing the text file's last modified time with the System's current time after being offset by timeOut. The long variable now is used to store the System's current time.

long now = System.currentTimeMillis();

It then loops through the String array files and reads each text file's lastModified property. All text files associated with expired sessions will be deleted.

for (int i=0; i<files.length; i++) {

  File f = new File(path + files[i]);

  if (f.lastModified() + timeOut > now)

    f.delete();  // delete expired session text file.

}

Using the PseudoSessionBean

After compiling the PseudoSessionBean bean, you can use pseudo sessions to manage state information for your Web application. You don't have to use the server's session tracking mechanism. You indicate this by setting the session attribute to false in your page directive.

<%@ page session="false" %>

You then use the JSP Bean tags to tell the JSP container that you want to use the PseudoSessionBean bean.

<jsp:useBean id="PseudoSessionId" scope="application" 

 class="pseudosession.PseudoSessionBean" />

In the JSP Bean tags above the class attribute has the value of package.ClassName. This, of course, will be different if you have a different package name. Note that the scope of the bean is application because we want to use the same bean throughout all pages in the application. In this application, using the application scope is the most efficient one because you only want to create the bean object once. Also, as mentioned previously, getSessionID must be invoked before anything else.

<%

  String sessionId = PseudoSessionId.getSessionID(request);

%>

To illustrate the use of the PseudoSessionBean bean, the following are two JSP pages called index.jsp and secondPage.jsp. The index.jsp page stores the user's name value in the pseudo session object and the secondPage.jsp page retrieves the value.

The index.jsp page is given here.

<%@ page session="false" %>
<jsp:useBean id="PseudoSessionId" scope="application"   class="pseudosession.PseudoSessionBean" />
<%
  String sessionId = PseudoSessionId.getSessionID(request);
%>
<html>
<head>
<title>Pseudo Sessions</title>
</head>
<body>
<h1>
Pseudo Sessions for maintaining state
</h1>
<br />
<%
  String userName = "bulbul";
  PseudoSessionId.setValue(sessionId, "userName", userName);
%>
<a href=secondPage.jsp?sessionId=<%=sessionId%>>click here</a>
<br />
<form method="post" action=anotherPage.jsp?sessionId=<%=sessionId%>>
<br />Enter new value:
<input type="text" name="sample"><br />
<input type="submit" name="Submit" value="Submit">
</form>
</body>
</html>
<%
  PseudoSessionId.deleteAllInvalidSessions();
%>

Note that the hyperlinks are rewritten to include the session identifier in all occurrences. This includes the action attribute of the <form> tag. Also notice that the deleteAllInvalidSessions method is called at the end of the page.

The secondPage.jsp page simply returns the value of the user name stored previously.

<%@ page session="false" %>
<jsp:useBean id="PseudoSessionId" scope="application"
  class="pseudosession.PseudoSessionBean" />
<%
  String sessionId = PseudoSessionId.getSessionID(request);
%>
<html>
<head>
<title>Second Page</title>
</head>
<body>
<%
  String userName = PseudoSessionId.getValue(sessionId, "userName");
  out.println("The user name is " + userName);
%>
</body>
</html>

Conclusion

This article has shown how to use pseudo sessions to maintain user state information without the drawbacks of traditional session tracking mechanism. A bean that can be used in a JSP application has been described, and JSP pages that utilize the bean have also been presented. However, the project has been kept at its simplest form for the sake of clarity. There is still much room for improvement. For example, you can build a more sophisticated random number generator for the session identifiers. Also, you can extend the setValue and getValue methods so that you can store any type of object, not only String objects.

However, for most applications, the work in this article is sufficient to guarantee that you can have a good session tracking mechanism without sacrificing scalability.

Budi Kurniawan is a senior J2EE architect and author.

Return to ONJava.com.