Http Session Management – Hidden Form Field

Http protocol is stateless. Web server will not remember whether a new request comes from same client or not. But in some cases such as shopping cart or user register manager, we should know which request comes from which client user. Http session is just the solution to resolve this problem.

Http Session represent a user’s interaction with a web server during a period of time. You can store user data such as user selected shop items or user register information in it. If the user browse the website use same web browser in same client device then all the later actions that user interact with web server can be managed by the same session object. In one word, Http session can be used to manage conversation state between client user and web server.

Session tracking is a technology that can be used to maintain user data state that belong to the same client user. We can use below techniques to implement session tracking.

  1. Hidden Form Field
  2. Cookies
  3. HttpSession

Hidden Form Field

This is the most original method to hold user status data in a session. You just need to create such a form filed in html form tag and save the data value in it. Then you can get the value back in another servlet that the html form submit to. This method is web browser independent. Because html form is accepted by almost all web browsers.

<form method="post" action="/HttpSessionExample">
<input type="hidden" name="userName" value="Jerry Zhao">
<input type="hidden" name="password" value="dev2qa.com">
<input type="hidden" name="email" value="[email protected]">
</form>

Advantage

  1. Can be used in all web browser.
  2. Still work well when cookie is disabled by client web browser.

Disadvantage

  1. Only can store textual Object data.
  2. Code maintenance is complex, need to add more form in web page.
  3. Can only use sendRedirect() to navigate between different pages in a session.
  4. Need to add form submit data into the request parameters of the redirect page url to transfer them between different pages.
  5. Not secure. Other user can hack into your form field data by explore html source code.
READ :   Java Servlet Interview Questions and Answers

Java Code Example 

This is a user register example. There has three jsp pages and one servlet.

  1. http://localhost:8080/Dev2qaWebAppExample/pages/regist/inputUserAccount.jsp
    Let user to enter user name and password.
  2. http://localhost:8080/Dev2qaWebAppExample/pages/regist/inputUserEmail.jsp
    Let user to enter user email.
  3. http://localhost:8080/Dev2qaWebAppExample/pages/regist/finish.jsp
    Let user to confirm account data.
  4. com.dev2qa.example.servletsession.SessionManageHiddenField
    This is the servlet that control all register process. Include page navigation and user account information transfer between different jsp pages.

Hidden form fields in different jsp page

Form fields in inputUserEmail.jsp that used to save userName and password value user entered in previous jsp page inputUserAccount.jsp

<input type="hidden" name="userName" value="<%=request.getParameter("userName") %>" />
<input type="hidden" name="password" value="<%=request.getParameter("password") %>" />

Form fields in finish.jsp that used to save userName, password and email value user entered in previous jsp pages inputUserAccount.jsp and inputUserEmail.jsp

<input type="hidden" name="userName" value="<%=request.getParameter("userName") %>" />
<input type="hidden" name="password" value="<%=request.getParameter("password") %>" />
<input type="hidden" name="email" value="<%=request.getParameter("email") %>" />

When user click “Finish” button in finish.jsp then all the user information that user entered in all previous jsp pages will submit to SessionManageHiddenField servlet.

Transfer user enter data between different jsp page

This example use below navigation method to transfer user register data between different pages.

			/* Go to finish.jsp and transfer userName, password and email as request parameters.*/
			targetUrl = contextPath + "/pages/regist/finish.jsp?userName="+userName+"&password="+password+"&email="+email;

You can see below page url in web browser when run it.

http://localhost:8080/Dev2qaWebAppExample/pages/regist/finish.jsp?userName=hello&password=hi&[email protected]

Source Codes

  1. /pages/regist/inputUserAccount.jsp

    Access Url: http://localhost:8080/Dev2qaWebAppExample/pages/regist/inputUserAccount.jsp

    Session management Hidden form field inputUserAccount page

    <form action="/Dev2qaWebAppExample/SessionManageHiddenField" method="post">
    <input type="hidden" name="action" value="inputUserAccount" />
    UserName: <input type="text" id="userName" name="userName"/><br/>
    Password: <input type="password" id="password" name="password"/><br/>
    <input type="submit" value="Submit"/>
    </form>
  2. /pages/regist/inputUserEmail.jsp
    Session management Hidden form field inputUserEmail page

    <form action="/Dev2qaWebAppExample/SessionManageHiddenField" method="post">
    <input type="hidden" name="action" value="inputUserEmail" />
    <input type="hidden" name="userName" value="<%=request.getParameter("userName") %>" />
    <input type="hidden" name="password" value="<%=request.getParameter("password") %>" />
    Email: <input type="text" id="email" name="email"/><br/>
    <input type="submit" value="Submit"/>
    </form>
  3. /pages/regist/finish.jsp
    Session management Hidden form field finish page

    <form action="/Dev2qaWebAppExample/SessionManageHiddenField" method="post">
    <input type="hidden" name="action" value="finishRegister" />
    <input type="hidden" name="userName" value="<%=request.getParameter("userName") %>" />
    <input type="hidden" name="password" value="<%=request.getParameter("password") %>" />
    <input type="hidden" name="email" value="<%=request.getParameter("email") %>" />
    
    Please confirm below user information then click Finish button to register.<br/><br/>
    User Name: <%=request.getParameter("userName") %><br/>
    Password: <%=request.getParameter("password") %><br/>
    Email: <%=request.getParameter("email") %><br/>
    <input type="submit" value="Finish"/>
    </form>
  4. com.dev2qa.example.servletsession.SessionManageHiddenField
    Session management Hidden form field register successful

    	protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    		/* Use action value to check current step page.*/
    		String action = req.getParameter("action");
    		/* We need to use request parameter to transfer user submit data in different step pages.
    		 * So we need to get the web application context path as the root path of each next page url.
    		 * */
    		String contextPath = this.getServletContext().getContextPath();
    		
    		boolean needRedirect = true;
    		String targetUrl = "";
    		if("inputUserAccount".equalsIgnoreCase(action))
    		{
    			/* Get below data from text box.*/
    			String userName = req.getParameter("userName");
    			String password = req.getParameter("password");
    			
    			/* Go to inputUserEmail.jsp and transfer userName and password as request parameters.*/
    			targetUrl = contextPath + "/pages/regist/inputUserEmail.jsp?userName="+userName+"&password="+password;
    		}else if("inputUserEmail".equalsIgnoreCase(action))
    		{
    			/* Get below data from form hiddenfields. */
    			String userName = req.getParameter("userName");
    			String password = req.getParameter("password");
    			
    			/* Get email from text box. */
    			String email = req.getParameter("email");
    			
    			/* Go to finishRegister.jsp and transfer userName, password and email as request parameters.*/
    			targetUrl = contextPath + "/pages/regist/finish.jsp?userName="+userName+"&password="+password+"&email="+email;
    		}else if("finishRegister".equalsIgnoreCase(action))
    		{
    			/* Get below data from form hiddenfields. */
    			String userName = req.getParameter("userName");
    			String password = req.getParameter("password");
    			String email = req.getParameter("email");
    			
    			PrintWriter pw = resp.getWriter();
    			pw.println("User Name : " + userName);
    			pw.println("Password : " + password);
    			pw.println("Email : " + email);
    			pw.println("Your user information has been registered successful.");
    			needRedirect = false;
    		}else
    		{
    			/* No action request parameter then go to first page of register*/
    			targetUrl = contextPath + "/pages/regist/inputUserAccount.jsp";
    		}
    		
    		if(needRedirect)
    		{
    			resp.sendRedirect(targetUrl);
    		}
    	}

Download “Http-Session-Management-Hidden-Form-Field-code-example.zip” Http-Session-Management-Hidden-Form-Field-code-example.zip – Downloaded 66 times – 48 KB

(Visited 373 times, 4 visits today)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.