Maintain Session using User Authorization

User Authorization is the most common way to maintain a session between client and server.
It is the second method in the series from the https://codedbug.com/2014/06/playing-with-session-in-java/ post.

A user has to sign in to the application using their credentials. Once the user submits the form with the correct credentials, a session is created on the server and is used for the entire user session.

Use these credentials to make this form work:
Email: session@session.com
Password: session

 
—index.jsp—
This page contains the login form.







How to maintain Session?

How to maintain Session?



2. User Authorization

 
—welcome.jsp—
If the user logs in successfully, this welcome page is displayed. It shows the hello message and the email id of the user.







Welcome
	Welcome Demo User, you have used User Authorization method to create
	session.
	
Your email id is:
Logout

 
—error.jsp—






    
        Error Page
        Error while login
    

 
—Login.java—

package com.java;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Checks the submitted credentials and creates the session.
 *
 * @author Abhishek
 */
@WebServlet(urlPatterns = "/user_authorization")
public class Login extends HttpServlet {

	private static final long serialVersionUID = 1L;

	@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		String email = request.getParameter("email");
		String password = request.getParameter("password");

		// Log only the email; the submitted password must never be written to logs.
		System.out.println(email);

		// Constant-first equals() avoids a NullPointerException when a parameter is missing.
		if ("session@session.com".equals(email) && "session".equals(password)) {
			HttpSession session = request.getSession(true);
			session.setAttribute("email", email);

			System.out.println("session is\t" + session);
			System.out.println("session ID\t" + session.getId());
			System.out.println("Last Accessed Time \t"
					+ session.getLastAccessedTime());
			System.out.println("Servlet Context\t" + session.getServletContext());

			response.sendRedirect("user_authorization/welcome.jsp");
		} else {
			response.sendRedirect("user_authorization/error.jsp");
		}
		// Nothing is written after sendRedirect(): the response is already committed.
	}
}

 
—Logout.java—

package com.java;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Invalidates the current session and sends the user back to the login page.
 *
 * @author Abhishek
 */
@WebServlet(urlPatterns = "/logout")
public class Logout extends HttpServlet {

	private static final long serialVersionUID = 1L;

	@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {

		// getSession(false) does not create a new session when none exists.
		HttpSession session = request.getSession(false);
		if (session != null) {
			System.out.println(session.getAttribute("email"));
			session.invalidate();
		}

		// After invalidate(), getSession(false) returns null.
		if (request.getSession(false) != null) {
			System.out.println("session not removed you are still loggedin");
		} else {
			System.out.println("session removed successfully");
		}

		response.sendRedirect("index.jsp");

	}
}

 
OUTPUT:

[Screenshot: User_Authorization_Login_page]

In the above screenshot, you can see the login form. We haven't logged in yet; the session present is the one that the Apache Tomcat server assigns to the browser by default.

Now let's log in with the credentials.

[Screenshot: User_Authorization_Login_page_2]

 
Using this method, we have set the session in the Apache Tomcat server, not in cookies:

HttpSession session = request.getSession(true);
session.setAttribute("email", email);
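
Because Tomcat already assigns a session to the browser before login (as noted with the first screenshot), request.getSession(true) attaches the email to that existing session ID. The following is an added example, not code from the original post: a variant of the login servlet that discards the pre-login session so a fresh ID is issued at authentication. The class name HardenedLogin, its URL pattern and the 15-minute timeout are assumptions.

```java
package com.java;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: hypothetical servlet and URL pattern, not part of the original post.
@WebServlet(urlPatterns = "/user_authorization_hardened")
public class HardenedLogin extends HttpServlet {

	private static final long serialVersionUID = 1L;

	// Demo credentials from the post; a real application checks a salted password hash.
	private static final String DEMO_EMAIL = "session@session.com";
	private static final String DEMO_PASSWORD = "session";

	// Compares without stopping at the first differing byte; null never matches.
	private static boolean sameValue(String supplied, String expected) {
		if (supplied == null) {
			return false;
		}
		return MessageDigest.isEqual(supplied.getBytes(StandardCharsets.UTF_8),
				expected.getBytes(StandardCharsets.UTF_8));
	}

	@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		// Non-short-circuit '&' so both fields are always compared.
		boolean ok = sameValue(request.getParameter("email"), DEMO_EMAIL)
				& sameValue(request.getParameter("password"), DEMO_PASSWORD);
		if (!ok) {
			response.sendRedirect("user_authorization/error.jsp");
			return;
		}
		// Drop the session created before login so its ID is not carried past authentication.
		HttpSession old = request.getSession(false);
		if (old != null) {
			old.invalidate();
		}
		HttpSession session = request.getSession(true); // fresh session ID issued here
		session.setAttribute("email", DEMO_EMAIL);
		session.setMaxInactiveInterval(15 * 60); // idle timeout in seconds (assumed value)
		response.sendRedirect("user_authorization/welcome.jsp");
	}
}
```

On Servlet 3.1 and later containers, request.changeSessionId() performs the same rotation while keeping the existing session attributes.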

 
Below is the code snippet to display the session value on the webpage