Session handling in HttpClient
http://old.nabble.com/Session-handling-in-HttpClient-td18106268.html
by Wierd Programmer Jun 25, 2008; 03:03pm :: Rate this Message: - Use ratings to moderate (?)
Reply | Print | View Threaded | Show Only this Message
Hi folks,
I am planning to use HttpClient in the client end of a Swing based client -
server(Jboss) application.
I am wondering how to handle sessions and specially session time out
situations...Are there any listener kind of things for session? Incase If I
would like to show a message to the user saying session will time out in so
and so seconds/minutes how do I do it?
Please let me know how to go forward with this.
Regards,
Jade
Re: Session handling in HttpClient
by Q Beukes Jun 25, 2008; 03:17pm :: Rate this Message: - Use ratings to moderate (?)
Reply | Print | View Threaded | Show Only this Message
Well, sessions are server related. Let me give you an idea of how sessions work:
In this example I will use "SESSID" as the cookie name, but this can
be configured, and differs in all implementations.
First Request
1. Client visits server for the first time.
2. Server checks if the "SESSID" is set, it is NOT, so it creates a
new session and generates a session ID to identify this session.
3. Server sends a "Cookie" header so teh client will create the cookie.
4. Client saves cookie for given domain.
Second request
1. Client sends request a second time
2. Client also sends all cookies it now has, in this case SESSID which
contains a string session id.
3. Server checks to see if SESSID was sent.
4. It was, so server takes this session id it received in the cookie,
and sees if it has a session by that identification
5. Server locates the session data, and loads it into instance
variables for the script/jsp/servlet/whatever.
This is basically what happens. A session is nothing more than a way
for the server to identify that the same client is visiting. This is
done with cookies 99% of the time, and sometimes with GET variables
(but same story, just a variable sent with every request containing
the session id).
Sessions are 100% server side. The client does nothing more than carry
a unique identifier, and all session variables/data is stored in a
persistent state on the server. There is no special communication or
nothing. It's nothing special.
You can create your own session implementation by simple having an
array of open sessions, and each array items is a Map<String, String>
of variable:value pairs. Then send cookies to track the clients, to
know which Map to use. Simple.
So the solution to your problems are this:
You can support the session by receiving/resending cookies on all requests.
You can do timeouts ONLY by knowing what timeout is configured on the
server and having a timer track this yourself. So if the server
session timeout is 1 hour, then have a time that checks the period of
inactivity for requests, when it exceeds 1 hour, kill the session on
your side by deleting the cookie and doing any
cleanup/reinitialization.
Alternatively, to generically support all servers, you might want to
do a periodic "is session open" request, which is basically a request
to the server that checks if the session is open. If you want to do
this, there is a very safe way to implement something like this. Just
ask me and I'll explain it (it's not as simple as checking for the
presense of a session, as this will always return true).
Q
On 6/25/08, Wierd Programmer <wierdprogrammer@...> wrote:
> Hi folks,
>
> I am planning to use HttpClient in the client end of a Swing based client -
> server(Jboss) application.
>
> I am wondering how to handle sessions and specially session time out
> situations...Are there any listener kind of things for session? Incase If I
> would like to show a message to the user saying session will time out in so
> and so seconds/minutes how do I do it?
>
> Please let me know how to go forward with this.
>
> Regards,
> Jade
>
? [hide part of quote]
--
Quintin Beukes
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@...
For additional commands, e-mail: httpclient-users-help@...
Re: Session handling in HttpClient
by Wierd Programmer Jun 26, 2008; 09:33am :: Rate this Message: - Use ratings to moderate (?)
Reply | Print | View Threaded | Show Only this Message
Hi Quitin,
Thanks for the response.
That does help me understand clearly about sessions.
I will try to implement the same and incase of any questions, will get back
to you.
Thanks again for your time.
Regards,
Jade
On Wed, Jun 25, 2008 at 12:47 PM, Quintin Beukes <quintin@...>
wrote:
> Well, sessions are server related. Let me give you an idea of how sessions
> work:
>
> In this example I will use "SESSID" as the cookie name, but this can
> be configured, and differs in all implementations.
>
> First Request
> 1. Client visits server for the first time.
> 2. Server checks if the "SESSID" is set, it is NOT, so it creates a
> new session and generates a session ID to identify this session.
> 3. Server sends a "Cookie" header so teh client will create the cookie.
> 4. Client saves cookie for given domain.
>
> Second request
> 1. Client sends request a second time
> 2. Client also sends all cookies it now has, in this case SESSID which
> contains a string session id.
> 3. Server checks to see if SESSID was sent.
> 4. It was, so server takes this session id it received in the cookie,
> and sees if it has a session by that identification
> 5. Server locates the session data, and loads it into instance
> variables for the script/jsp/servlet/whatever.
>
> This is basically what happens. A session is nothing more than a way
> for the server to identify that the same client is visiting. This is
> done with cookies 99% of the time, and sometimes with GET variables
> (but same story, just a variable sent with every request containing
> the session id).
>
> Sessions are 100% server side. The client does nothing more than carry
> a unique identifier, and all session variables/data is stored in a
> persistent state on the server. There is no special communication or
> nothing. It's nothing special.
>
> You can create your own session implementation by simple having an
> array of open sessions, and each array items is a Map<String, String>
> of variable:value pairs. Then send cookies to track the clients, to
> know which Map to use. Simple.
>
> So the solution to your problems are this:
> You can support the session by receiving/resending cookies on all requests.
>
> You can do timeouts ONLY by knowing what timeout is configured on the
> server and having a timer track this yourself. So if the server
> session timeout is 1 hour, then have a time that checks the period of
> inactivity for requests, when it exceeds 1 hour, kill the session on
> your side by deleting the cookie and doing any
> cleanup/reinitialization.
>
> Alternatively, to generically support all servers, you might want to
> do a periodic "is session open" request, which is basically a request
> to the server that checks if the session is open. If you want to do
> this, there is a very safe way to implement something like this. Just
> ask me and I'll explain it (it's not as simple as checking for the
> presense of a session, as this will always return true).
>
> Q
>
> On 6/25/08, Wierd Programmer <wierdprogrammer@...> wrote:
> > Hi folks,
> >
> > I am planning to use HttpClient in the client end of a Swing based
> client -
> > server(Jboss) application.
> >
> > I am wondering how to handle sessions and specially session time out
> > situations...Are there any listener kind of things for session? Incase
> If I
> > would like to show a message to the user saying session will time out in
> so
> > and so seconds/minutes how do I do it?
> >
> > Please let me know how to go forward with this.
> >
> > Regards,
> > Jade
> >
>
>
> --
> Quintin Beukes
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@...
> For additional commands, e-mail: httpclient-users-help@...
>
>
...[show rest of quote]
Re: Session handling in HttpClient
by Eugene Kondrashev Nov 06, 2008; 01:04am :: Rate this Message: - Use ratings to moderate (?)
Reply | Print | View Threaded | Show Only this Message
Hi!
>Alternatively, to generically support all servers, you might want to
>do a periodic "is session open" request, which is basically a request
>to the server that checks if the session is open. If you want to do
>this, there is a very safe way to implement something like this. Just
>ask me and I'll explain it (it's not as simple as checking for the
>presense of a session, as this will always return true).
So can you explain how to do such a periodic "is session open" request?
Q Beukes wrote:
Well, sessions are server related. Let me give you an idea of how sessions work:
In this example I will use "SESSID" as the cookie name, but this can
be configured, and differs in all implementations.
First Request
1. Client visits server for the first time.
2. Server checks if the "SESSID" is set, it is NOT, so it creates a
new session and generates a session ID to identify this session.
3. Server sends a "Cookie" header so teh client will create the cookie.
4. Client saves cookie for given domain.
Second request
1. Client sends request a second time
2. Client also sends all cookies it now has, in this case SESSID which
contains a string session id.
3. Server checks to see if SESSID was sent.
4. It was, so server takes this session id it received in the cookie,
and sees if it has a session by that identification
5. Server locates the session data, and loads it into instance
variables for the script/jsp/servlet/whatever.
This is basically what happens. A session is nothing more than a way
for the server to identify that the same client is visiting. This is
done with cookies 99% of the time, and sometimes with GET variables
(but same story, just a variable sent with every request containing
the session id).
Sessions are 100% server side. The client does nothing more than carry
a unique identifier, and all session variables/data is stored in a
persistent state on the server. There is no special communication or
nothing. It's nothing special.
You can create your own session implementation by simple having an
array of open sessions, and each array items is a Map<String, String>
of variable:value pairs. Then send cookies to track the clients, to
know which Map to use. Simple.
So the solution to your problems are this:
You can support the session by receiving/resending cookies on all requests.
You can do timeouts ONLY by knowing what timeout is configured on the
server and having a timer track this yourself. So if the server
session timeout is 1 hour, then have a time that checks the period of
inactivity for requests, when it exceeds 1 hour, kill the session on
your side by deleting the cookie and doing any
cleanup/reinitialization.
Alternatively, to generically support all servers, you might want to
do a periodic "is session open" request, which is basically a request
to the server that checks if the session is open. If you want to do
this, there is a very safe way to implement something like this. Just
ask me and I'll explain it (it's not as simple as checking for the
presense of a session, as this will always return true).
Q
On 6/25/08, Wierd Programmer <[email protected]> wrote:
> Hi folks,
>
> I am planning to use HttpClient in the client end of a Swing based client -
> server(Jboss) application.
>
> I am wondering how to handle sessions and specially session time out
> situations...Are there any listener kind of things for session? Incase If I
> would like to show a message to the user saying session will time out in so
> and so seconds/minutes how do I do it?
>
> Please let me know how to go forward with this.
>
> Regards,
> Jade
>
--
Quintin Beukes
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
...[show rest of quote]
Re: Session handling in HttpClient
by olegk Nov 06, 2008; 11:51pm :: Rate this Message: - Use ratings to moderate (?)
Reply | Print | View Threaded | Show Only this Message
On Wed, 2008-11-05 at 09:04 -0800, Eugene Kondrashev wrote:
> Hi!
> >Alternatively, to generically support all servers, you might want to
> >do a periodic "is session open" request, which is basically a request
> >to the server that checks if the session is open. If you want to do
> >this, there is a very safe way to implement something like this. Just
> >ask me and I'll explain it (it's not as simple as checking for the
> >presense of a session, as this will always return true).
>
> So can you explain how to do such a periodic "is session open" request?
>
...[show rest of quote]
Just hit the target server with a HEAD or GET and see if you get the
same session cookie (session id) back.
Oleg
>
> Q Beukes wrote:
> >
> > Well, sessions are server related. Let me give you an idea of how sessions
> > work:
> >
> > In this example I will use "SESSID" as the cookie name, but this can
> > be configured, and differs in all implementations.
> >
> > First Request
> > 1. Client visits server for the first time.
> > 2. Server checks if the "SESSID" is set, it is NOT, so it creates a
> > new session and generates a session ID to identify this session.
> > 3. Server sends a "Cookie" header so teh client will create the cookie.
> > 4. Client saves cookie for given domain.
> >
> > Second request
> > 1. Client sends request a second time
> > 2. Client also sends all cookies it now has, in this case SESSID which
> > contains a string session id.
> > 3. Server checks to see if SESSID was sent.
> > 4. It was, so server takes this session id it received in the cookie,
> > and sees if it has a session by that identification
> > 5. Server locates the session data, and loads it into instance
> > variables for the script/jsp/servlet/whatever.
> >
> > This is basically what happens. A session is nothing more than a way
> > for the server to identify that the same client is visiting. This is
> > done with cookies 99% of the time, and sometimes with GET variables
> > (but same story, just a variable sent with every request containing
> > the session id).
> >
> > Sessions are 100% server side. The client does nothing more than carry
> > a unique identifier, and all session variables/data is stored in a
> > persistent state on the server. There is no special communication or
> > nothing. It's nothing special.
> >
> > You can create your own session implementation by simple having an
> > array of open sessions, and each array items is a Map<String, String>
> > of variable:value pairs. Then send cookies to track the clients, to
> > know which Map to use. Simple.
> >
> > So the solution to your problems are this:
> > You can support the session by receiving/resending cookies on all
> > requests.
> >
> > You can do timeouts ONLY by knowing what timeout is configured on the
> > server and having a timer track this yourself. So if the server
> > session timeout is 1 hour, then have a time that checks the period of
> > inactivity for requests, when it exceeds 1 hour, kill the session on
> > your side by deleting the cookie and doing any
> > cleanup/reinitialization.
> >
> > Alternatively, to generically support all servers, you might want to
> > do a periodic "is session open" request, which is basically a request
> > to the server that checks if the session is open. If you want to do
> > this, there is a very safe way to implement something like this. Just
> > ask me and I'll explain it (it's not as simple as checking for the
> > presense of a session, as this will always return true).
> >
> > Q
> >
> > On 6/25/08, Wierd Programmer <wierdprogrammer@...> wrote:
> >> Hi folks,
> >>
> >> I am planning to use HttpClient in the client end of a Swing based
> >> client -
> >> server(Jboss) application.
> >>
> >> I am wondering how to handle sessions and specially session time out
> >> situations...Are there any listener kind of things for session? Incase
> >> If I
> >> would like to show a message to the user saying session will time out in
> >> so
> >> and so seconds/minutes how do I do it?
> >>
> >> Please let me know how to go forward with this.
> >>
> >> Regards,
> >> Jade
> >>
> >
> >
> > --
> > Quintin Beukes
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-users-unsubscribe@...
> > For additional commands, e-mail: httpclient-users-help@...
> >
> >
> >
>
> --
> View this message in context: http://www.nabble.com/Session-handling-in-HttpClient-tp18106268p20343451.html
> Sent from the HttpClient-User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@...
> For additional commands, e-mail: httpclient-users-help@...
>
...[show rest of quote]
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@...
For additional commands, e-mail: httpclient-users-help@...
Re: Session handling in HttpClient
by Eugene Kondrashev Nov 07, 2008; 07:48pm :: Rate this Message: - Use ratings to moderate (?)
Reply | Print | View Threaded | Show Only this Message
I see..
But, how can I recognize the session id cookie?
In theory server can use any label to designate session id cookie. Is there some standard way to get sessionID cookie through HTTPClient?
Just parsing all cookies on accordance "sessionID" string is not a good idea,I think.
olegk wrote:
On Wed, 2008-11-05 at 09:04 -0800, Eugene Kondrashev wrote:
> Hi!
> >Alternatively, to generically support all servers, you might want to
> >do a periodic "is session open" request, which is basically a request
> >to the server that checks if the session is open. If you want to do
> >this, there is a very safe way to implement something like this. Just
> >ask me and I'll explain it (it's not as simple as checking for the
> >presense of a session, as this will always return true).
>
> So can you explain how to do such a periodic "is session open" request?
>
Just hit the target server with a HEAD or GET and see if you get the
same session cookie (session id) back.
Oleg
...[show rest of quote]
Re: Session handling in HttpClient
by olegk Nov 11, 2008; 11:36pm :: Rate this Message: - Use ratings to moderate (?)
Reply | Print | View Threaded | Show Only this Message
On Fri, 2008-11-07 at 03:48 -0800, Eugene Kondrashev wrote:
> I see..
> But, how can I recognize the session id cookie?
I am afraid I do not have any good news for you.
> In theory server can use any label to designate session id cookie. Is there
> some standard way to get sessionID cookie through HTTPClient?
Session cookies are not standardized. JEE servlet containers / .NET
applications rely on certain conventions, but effectively an application
is free to choose just about any cookie to pass around as a session
token.
Oleg
> Just parsing all cookies on accordance "sessionID" string is not a good
> idea,I think.
>
> olegk wrote:
> >
> > On Wed, 2008-11-05 at 09:04 -0800, Eugene Kondrashev wrote:
> >> Hi!
> >> >Alternatively, to generically support all servers, you might want to
> >> >do a periodic "is session open" request, which is basically a request
> >> >to the server that checks if the session is open. If you want to do
> >> >this, there is a very safe way to implement something like this. Just
> >> >ask me and I'll explain it (it's not as simple as checking for the
> >> >presense of a session, as this will always return true).
> >>
> >> So can you explain how to do such a periodic "is session open" request?
> >>
> >
> > Just hit the target server with a HEAD or GET and see if you get the
> > same session cookie (session id) back.
> >
> > Oleg
> >
> >
>
...[show rest of quote]
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@...
For additional commands, e-mail: httpclient-users-help@...