HTTP Session Management – Hidden Form Field

The HTTP protocol is stateless: a web server does not remember whether a new request comes from the same client as an earlier one. But in some cases, such as a shopping cart or a user registration manager, we need to know which request comes from which client user. The HTTP session is the solution to this problem.

An HTTP session represents a user's interaction with a web server during a period of time. You can store user data in it, such as the shop items the user selected or the user's registration information. If the user browses the website with the same web browser on the same client device, then all of the user's later interactions with the web server can be managed by the same session object. In short, an HTTP session can be used to manage the conversation state between the client user and the web server.

1. HTTP Session Tracking.

Session tracking is a technique for maintaining the user data that belongs to the same client user. We can use the techniques below to implement session tracking.

  1. Hidden Form Field
  2. Cookies
  3. HttpSession

1.1 Hidden Form Field.

  1. This is the original method for holding user state data in a session.
  2. You just need to create a hidden form field inside the HTML form tag and save the data value in it.
  3. Then you can get the value back in the servlet that the HTML form submits to.
  4. This method is web browser independent, because HTML forms are supported by almost all web browsers.
    <form method="post" action="/HttpSessionExample">
    <input type="hidden" name="userName" value="Jerry Zhao">
    <input type="hidden" name="password" value="dev2qa.com">
    <input type="hidden" name="email" value="[email protected]">
    </form>
1.1.1 Advantage.
  1. Can be used in all web browsers.
  2. Still works well when cookies are disabled in the client's web browser.
1.1.2 Disadvantage.
  1. Can only store textual data.
  2. Code maintenance is complex; you need to add more forms to the web pages.
  3. Can only use sendRedirect() to navigate between different pages in a session.
  4. Need to add the form submission data to the request parameters of the redirect page URL to transfer it between different pages.
  5. Not secure. Other users can get at your form field data by viewing the HTML source code.
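One way to keep a hidden field from being altered unnoticed (disadvantage 5) is for the server to attach an HMAC to the value and verify it on the next request. The class below is an added example, not code from the original article; the class name, the `state` field name, the demo key and the sample values are assumptions. Signing detects modification but does not hide the value, which is still readable in the HTML source.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class SignedHiddenField {
    // Constructed demo key; a real deployment loads a random server-side secret.
    private static final byte[] KEY = "demo-key-not-for-production-use!".getBytes(StandardCharsets.UTF_8);

    private static byte[] hmac(byte[] data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(data);
    }

    /** Value to place in the hidden field: base64url(payload) + "." + base64url(tag). */
    static String seal(String payload) throws Exception {
        byte[] raw = payload.getBytes(StandardCharsets.UTF_8);
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        return b64.encodeToString(raw) + "." + b64.encodeToString(hmac(raw));
    }

    /** Returns the payload if the tag verifies, or null if the field was altered or malformed. */
    static String open(String field) throws Exception {
        int dot = (field == null) ? -1 : field.indexOf('.');
        if (dot < 0) return null;
        try {
            byte[] raw = Base64.getUrlDecoder().decode(field.substring(0, dot));
            byte[] tag = Base64.getUrlDecoder().decode(field.substring(dot + 1));
            // Constant-time comparison of the received tag and the recomputed tag.
            return MessageDigest.isEqual(tag, hmac(raw)) ? new String(raw, StandardCharsets.UTF_8) : null;
        } catch (IllegalArgumentException badBase64) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample state from the first step of the register flow.
        String field = seal("userName=Jerry Zhao");
        System.out.println("<input type=\"hidden\" name=\"state\" value=\"" + field + "\">");
        System.out.println("unchanged -> " + open(field));
        // Simulate a client that replaces the payload part but cannot recompute the tag.
        String forgedPayload = Base64.getUrlEncoder().withoutPadding()
                .encodeToString("userName=Someone Else".getBytes(StandardCharsets.UTF_8));
        String tampered = forgedPayload + field.substring(field.indexOf('.'));
        System.out.println("tampered  -> " + open(tampered));
    }
}
```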
1.1.3 Java Code Example.

This is a user registration example. It has three JSP pages and one servlet.

  1. http://localhost:8080/Dev2qaWebAppExample/pages/regist/inputUserAccount.jsp: This JSP page will let the user enter the user name and password.
  2. http://localhost:8080/Dev2qaWebAppExample/pages/regist/inputUserEmail.jsp: Lets the user enter the user email.
  3. http://localhost:8080/Dev2qaWebAppExample/pages/regist/finish.jsp: Lets the user confirm the account data.
  4. com.dev2qa.example.servletsession.SessionManageHiddenField: This is the servlet that controls the whole register process, including page navigation and the transfer of user account information between the different JSP pages.
1.1.4 Hidden form fields in different JSP pages.
  1. Form fields in inputUserEmail.jsp that are used to save the userName and password values the user entered in the previous JSP page inputUserAccount.jsp.
    <input type="hidden" name="userName" value="<%=request.getParameter("userName") %>" />
    <input type="hidden" name="password" value="<%=request.getParameter("password") %>" />
  2. Form fields in finish.jsp that are used to save the userName, password and email values the user entered in the previous JSP pages inputUserAccount.jsp and inputUserEmail.jsp.
    <input type="hidden" name="userName" value="<%=request.getParameter("userName") %>" />
    <input type="hidden" name="password" value="<%=request.getParameter("password") %>" />
    <input type="hidden" name="email" value="<%=request.getParameter("email") %>" />
  3. When the user clicks the “Finish” button in finish.jsp, all the information that the user entered in the previous JSP pages is submitted to the SessionManageHiddenField servlet.
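The JSP expressions above write request parameters into the `value` attribute without escaping, so a value that contains `"` ends the attribute early and the rest is parsed as markup. The helper below is an added example, not part of the original article's code; it renders the same hidden inputs with HTML escaping, and the class name and sample values are constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class HiddenFieldRenderer {
    /** Escapes the characters that can end an attribute value or start markup. */
    static String escapeHtml(String s) {
        if (s == null) return "";   // a missing parameter renders as empty, not "null"
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /** Renders one hidden input per entry, escaping both the name and the value. */
    static String render(Map<String, String> fields) {
        StringBuilder html = new StringBuilder();
        for (Map.Entry<String, String> e : fields.entrySet()) {
            html.append("<input type=\"hidden\" name=\"").append(escapeHtml(e.getKey()))
                .append("\" value=\"").append(escapeHtml(e.getValue())).append("\" />\n");
        }
        return html.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input: a value containing quote and angle-bracket characters.
        String userName = "Jerry \"JZ\" <Zhao> & Co";
        // What the unescaped JSP expression emits: the attribute ends after "Jerry ".
        System.out.println("<input type=\"hidden\" name=\"userName\" value=\"" + userName + "\" />");
        // Escaped rendering: the whole value stays inside the attribute.
        Map<String, String> fields = new LinkedHashMap<>();
        fields.put("userName", userName);
        fields.put("email", "jerry@example.com");
        System.out.print(render(fields));
    }
}
```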
1.1.5 Transfer user-entered data between different JSP pages.
  1. This example uses the navigation method below to transfer the user registration data between different pages.
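    /* Go to finish.jsp and transfer userName, password and email as URL-encoded request parameters. */
    targetUrl = contextPath + "/pages/regist/finish.jsp?userName=" + URLEncoder.encode(userName, "UTF-8") + "&password=" + URLEncoder.encode(password, "UTF-8") + "&email=" + URLEncoder.encode(email, "UTF-8");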
  2. You can see the page URL below in the web browser when you run it.
    http://localhost:8080/Dev2qaWebAppExample/pages/regist/finish.jsp?userName=hello&password=hi&[email protected]
1.1.6 Full Source Codes.
  1. /pages/regist/inputUserAccount.jsp, Access Url: http://localhost:8080/Dev2qaWebAppExample/pages/regist/inputUserAccount.jsp.
    <form action="/Dev2qaWebAppExample/SessionManageHiddenField" method="post">
    <input type="hidden" name="action" value="inputUserAccount" />
    UserName: <input type="text" id="userName" name="userName"/><br/>
    Password: <input type="password" id="password" name="password"/><br/>
    <input type="submit" value="Submit"/>
    </form>
  2. /pages/regist/inputUserEmail.jsp, Access Url: http://localhost:8080/Dev2qaWebAppExample/pages/regist/inputUserEmail.jsp?userName=Jerry Zhao&password=666666.
    <form action="/Dev2qaWebAppExample/SessionManageHiddenField" method="post">
    <input type="hidden" name="action" value="inputUserEmail" />
    <input type="hidden" name="userName" value="<%=request.getParameter("userName") %>" />
    <input type="hidden" name="password" value="<%=request.getParameter("password") %>" />
    Email: <input type="text" id="email" name="email"/><br/>
    <input type="submit" value="Submit"/>
    </form>
  3. /pages/regist/finish.jsp, Access Url: http://localhost:8080/Dev2qaWebAppExample/pages/regist/finish.jsp?userName=Jerry Zhao&password=666666.
    <form action="/Dev2qaWebAppExample/SessionManageHiddenField" method="post">
    <input type="hidden" name="action" value="finishRegister" />
    <input type="hidden" name="userName" value="<%=request.getParameter("userName") %>" />
    <input type="hidden" name="password" value="<%=request.getParameter("password") %>" />
    <input type="hidden" name="email" value="<%=request.getParameter("email") %>" />
    
    Please confirm below user information then click Finish button to register.<br/><br/>
    User Name: <%=request.getParameter("userName") %><br/>
    Password: <%=request.getParameter("password") %><br/>
    Email: <%=request.getParameter("email") %><br/>
    <input type="submit" value="Finish"/>
    </form>
  4. com.dev2qa.example.servletsession.SessionManageHiddenField, Access Url: http://localhost:8080/Dev2qaWebAppExample/SessionManageHiddenField.
    /* The enclosing servlet class needs imports for java.io.IOException, java.io.PrintWriter,
     * java.net.URLEncoder and the servlet API classes used below. */

    /* The JSP forms submit with method="post", so handle POST with the same logic as GET. */
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }

    /* URL-encode a value before it is appended to a redirect url; a missing parameter becomes an empty string. */
    private static String enc(String value) throws IOException {
        return value == null ? "" : URLEncoder.encode(value, "UTF-8");
    }

    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        /* Use the action value to check the current step page. */
        String action = req.getParameter("action");

        /* We use request parameters to transfer the user-submitted data between the step pages,
         * so we need the web application context path as the root path of each next page url.
         */
        String contextPath = this.getServletContext().getContextPath();

        boolean needRedirect = true;
        String targetUrl = "";
        if("inputUserAccount".equalsIgnoreCase(action))
        {
            /* Get the data below from the text boxes. */
            String userName = req.getParameter("userName");
            String password = req.getParameter("password");

            /* Go to inputUserEmail.jsp and transfer userName and password as request parameters. */
            targetUrl = contextPath + "/pages/regist/inputUserEmail.jsp?userName=" + enc(userName) + "&password=" + enc(password);
        }else if("inputUserEmail".equalsIgnoreCase(action))
        {
            /* Get the data below from the hidden form fields. */
            String userName = req.getParameter("userName");
            String password = req.getParameter("password");

            /* Get the email from the text box. */
            String email = req.getParameter("email");

            /* Go to finish.jsp and transfer userName, password and email as request parameters. */
            targetUrl = contextPath + "/pages/regist/finish.jsp?userName=" + enc(userName) + "&password=" + enc(password) + "&email=" + enc(email);
        }else if("finishRegister".equalsIgnoreCase(action))
        {
            /* Get the data below from the hidden form fields. */
            String userName = req.getParameter("userName");
            String password = req.getParameter("password");
            String email = req.getParameter("email");

            /* Send the confirmation as plain text so the submitted values are not interpreted as HTML. */
            resp.setContentType("text/plain;charset=UTF-8");
            PrintWriter pw = resp.getWriter();
            pw.println("User Name : " + userName);
            pw.println("Password : " + password);
            pw.println("Email : " + email);
            pw.println("Your user information has been registered successfully.");
            needRedirect = false;
        }else
        {
            /* No action request parameter, so go to the first page of the register process. */
            targetUrl = contextPath + "/pages/regist/inputUserAccount.jsp";
        }

        if(needRedirect)
        {
            resp.sendRedirect(targetUrl);
        }
    }