About Session Management in a Web Based Enterprise ApplicationIn a web based application a session is started when client makes a request and ends when the request ceases i.e. client has stopped requesting the services. During this interaction between client and the Web server (which will serve the client’s request) there is some exchange of information. This information can be client’s ID or password, any type of data filled in a web form etc. It is referred as session state. It is the responsibility of the application to find a way to maintain the session state as web components lacks persistence.
This can
be done at the client side as well as on server machine. The most common
techniques for storing the session state at the client side is by using
cookies, by rewriting URL and by using hidden field in the form. These ways
are dependent on the client machine and session state can be lost if the
client’s machine fails. To overcome these drawbacks there is an alternative
to maintain session state on the server. We will discuss the techniques
of storing session state by server later. First we will unleash the client
side session management techniques. Using cookies
to maintain a state is very common. It is a small piece of information
which is stored on client’s system and initially generated by the
web server in a HTTP response. The browser which receives this response
save the cookie in the client’s machine and include it in the subsequent
HTTP requests. For example
consider the following part of a HTTP response, HTTP/1.0
200 <html>...</html> Now the browser
receiving this request will generate the subsequent requests with the
following part: GET /book/java.jsp
HTTP/1.0 In URL rewriting
strategy some additional field names and values are extracted from the
web form, placed into a query string and then passed as a part of URL.
Consider the following case: <p><a
href=”http://www.ebooks.com/java/java1.jsp?ID=123>click here</a></p> Here we can
use two or more name and value pairs separated by &. For example in
the above mentioned URL if name is also passed it would look like: ?ID=123&NAME=Steven Now we will
move to the other way of maintaining session state which is by server
side. Definitely maintaining state through server is more secure and reliable.
This can be achieved through application state, session state or through
database support. In large
scale transaction, huge amount of data is transferred between client and
server. To maintain the session state it is important to store this data
till the session survives. So database support is used to handle this
situation. Other techniques
for session state management are by using application state or session
state. When the scope of information exchanged is application specific
i.e. information is shared by multiple sessions of an application and
it does not change frequently then application state is used to store
session. On the other
hand if we are dealing with information which changes frequently and there
is need of creating and maintaining every session state of application,
session state is used. So while using session object a unique session
id is assigned to every session in order to differentiate between the
multiple session states.
_______________________________________________________________________
FREE
Subscription
Subscribe
to our mailing list and receive new articles Note
: We never rent, trade, or sell my email lists to Visit
.NET Programming Tutorial Homepage ______________________________________________________ |
