In this tutorial, you will learn how to handle sessions in JSP by using session object.
The HTTP protocol is stateless. It means that there is no permanent connection between the client (web browser) and the Web Server. When a client requests a page from a web server, it opens a connection, retrieves the page, and closes the connection. Web servers don’t know what happens then on the client-side. In addition, If another request from a client is made, the webserver doesn’t associate the new connection with the connection that has been made.
In order to overcome the stateless of HTTP protocol, JSP provides you the implicit session object which is a HttpSession object. The session object resides on the server-side so you can keep arbitrary data about the client and other data as well in session and later on in different requests you can retrieve the saved data for processing. JSP stores data on the server-side in the session object by using a single key that the client remembers.
The session object has the three most important methods which you use most as bellows:
public void setAttribute(String name, Object value)
throws IllegalStateException
public Object getAttribute(String name)
throws IllegalStateException
public void removeAttribute(String name)
throws IllegalStateException
Code language: JavaScript (javascript)
Let’s take a look at an example of how to use a session object. In this example, we have three pages: On the first page, we collect data from the user, after that user submits the form to a second page which is used to store data in a session. On the last page, we get data back from the session and display it.
<html>
<head>
<title>JSP Form</title>
</head>
<body>
<form method="post" action="savetosession.jsp">
<table>
<tr>
<td>First Name</td>
<td><input type="text" name="firstname" /></td>
</tr>
<tr>
<td>Last Name</td>
<td><input type="text" name="lastName" /></td>
</tr>
<tr>
<td>Comments</td>
<td><textarea name="comments" cols="30" rows="5"></textarea></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="submit" /></td>
</tr>
</table>
</form>
</body>
</html>
Code language: HTML, XML (xml)
In the form above, when the user enters information, clicks submit button, the data goes through the page savetosession.jsp
. In the savetosession.jsp
page, we save all the submitted data into the session object and forward the request to another page called display.jsp
page
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%
String firstName = request.getParameter("firstName");
String lastName = request.getParameter("lastName");
String comments = request.getParameter("comments");
// save data into the session
session.setAttribute("firstName", firstName);
session.setAttribute("lastName", lastName);
session.setAttribute("comments", comments);
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
</head>
<body>
<%-- forward to the display.jsp page--%>
<jsp:forward page="display.jsp" />
</body>
</html>
Code language: JavaScript (javascript)
As you see the code above, we use the setAttribute()
method to save data into the session object. Here is the page for displaying data in the session object: display.jsp
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<html>
<head>
<title>Displaying data in Session</title>
</head>
<body>
<h1>Displaying data in session object</h1>
<table>
<tr>
<td>First Name</td>
<td><%= session.getAttribute("firstName")%></td>
</tr>
<tr>
<td>Last Name</td>
<td><%= session.getAttribute("lastName")%></td>
</tr>
<tr>
<td>Comments</td>
<td><td><%= session.getAttribute("comments")%></td>
</tr>
</table>
</body>
</html>
Code language: HTML, XML (xml)
The code is obvious, we used the getAttribute()
method of the session
object to retrieve data which was entered in the form and displayed it on the page by using the expression.
How session works
When the server creates a new session, it always adds a session identifier in the form of a cookie. When the web browser asks for a page or makes a request, the web browser always sends a cookie that is created by the web server in the request. Therefore on the server-side, the web server checks for that cookie and finds the corresponding session that is matched to the received cookie.
The session normally short-lived so the session cookie is not saved into the disk. Session also has a timeout. When the time is out, the session is no longer exists on the server-side. You can set time out of the session in the configuration file in the server.