WebReference.com - 2 Ways to Implement Session Tracking (1/4)
2 Ways to Implement Session Tracking
By Kiran Pai (firstname.lastname@example.org).
This article explains how to implement session tracking using two of the simplest and oldest methods available to programmers. I feel that in order to understand the beauty of new technologies that exist today it is often necessary to understand what used to be done before that technology came into being. The techniques presented in this article do not use the new technologies present to implement session tracking, but use some old, tried and tested ways which are extremely popular even today. After reading this article you would be able to implement session tracking using any language, since you would understand the concepts of session tracking rather than some language dependent implementation.
Various languages provide higher level APIs for implementing session tracking. There is a detailed session tracking API available in Java which enables many programmers to get session tracking implemented quickly and easily; but that is not what this article talks about. It focuses on understanding the basic techniques so that you can use it with any language.
To understand this article you need to know 3 things:
- Familiarity with any server side technology such as JSP, ASP, Java servlets, etc.
- You need to know HTML very well.
- You need to know how to access the contents of an HTML Form from within a programming language such as JSP, ASP, etc.
What is session tracking?
Session tracking (for those who haven't heard of it) is a concept which allows you to maintain a relationship between 2 successive requests made to a server on the Internet. Whenever a user browses any Web site, he uses HTTP (the underlying protocol) for all the data transfers taking place. This of course is not important to the user; but it is for you as a programmer. HTTP is a stateless protocol. When a user requests a page the server returns that Web page to the user. When the user once again clicks on a new link the server once again sends the new page that was requested. The server (because of the use of HTTP as the underlying protocol) has no idea that these 2 successive requests have come from the same user. The server is not at all bothered about who is asking for the pages. All it does it return the page that has been requested. This is exactly what stateless means. There is no connection between 2 successive requests on the Internet.
What does HTTP being stateless have to do with session tracking?
There are many instances where some sort of connection is required between 2 requests made by a user. And since all transfers on the WWW use HTTP at the lowest level this sort of connection cannot be made. For example if you are at a Web site buying books online, then you may add books to your cart and continue searching for more books. Every time you click on a new page your old selected books in the cart should not disappear. By default, the way the WWW works, since 2 successive requests (by the same user) have no connection, there would be no books in your cart every time you click on a new link. Every click would be considered as a separate request and have no relation to previous requests. Thus as you browse, all the information that relates to you should be maintained and should be carried on as you browse more and more. Your previous shopping cart contents should be present when you want to add a new book to the cart. This is what session tracking enables you to do. It lets you maintain an active session as long as you are browsing; and it gives HTTP a sort of new quality with every successive request having some relation to previous requests within the same session.
Session tracking is so common that you may not even realize that it is present. It is used on almost every site you visit on the 'Net. For example at Hotmail once you enter your username-password and you reach your inbox, had there been no session tracking then every time you click on a particular link in your inbox, you would be asked for your password. This would be the case since there would be no way to understand that the one who had originally entered his username-password is the same person who is currently asking for more pages. Session tracking allows you to store the information that you have successfully logged in and this information would be checked every time you do any thing within your inbox. Thus you would not be asked to enter your password with every click. I can give you many more examples where session tracking is used, but I suspect you have got the point.
Now lets discuss with the actual ways to implement session tracking. I shall explain 2 ways to implement session tracking:
- Hidden Fields In Forms
- URL Rewriting
Also I conclude the article with a few lines on cookies which are also used for session tracking.
Created: March 27, 2002
Revised: March 27, 2002