State and session tracking with Java servlets Part 2: Securing data

By David Reilly

Listing 1
HttpSessionExample.java
by David Reilly.




	
		
				Email Article
		
				Print Article
			
				
	

		
// Import I/O & servlet packages
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class HttpSessionExample extends javax.servlet.http.HttpServlet
{
	// Implementation of GET request
	public void doGet (HttpServletRequest request, HttpServletResponse response) throws IOException
	{
		// Assign a content type
		response.setContentType( "text/html" );

		// Prevent caching of server-side responses
		response.setHeader( "Cache-Control" ,  "no-cache" );

		// Create a stream for writing HTML output
		PrintStream pout = new PrintStream (response.getOutputStream());

		// Get the user session, and create one if one doesn't already exist
		HttpSession userSession = request.getSession(true);

		// Check for presence of state data in userSession		
		String background = (String) userSession.getValue("background");
		String foreground = (String) userSession.getValue("foreground");

		if (background == null)
		{
			// No background stored - place default value in session
			background = getDefaultBackground();
			userSession.putValue("background", background);
		}	
		if (foreground == null)
		{
			// No foreground stored - place default value in session
			foreground = getDefaultForeground();
			userSession.putValue("foreground", foreground);
		}

		// Next, check for a change in parameter from FORM
		if ( request.getParameter("background") != null)
		{
			background = request.getParameter("background");			
			userSession.putValue ("background", background);
		}
		if ( request.getParameter("foreground") != null)
		{
			foreground = request.getParameter("foreground");
			userSession.putValue ("foreground", foreground);
		}


		pout.println ("<HTML><HEAD><TITLE>HttpSessionExample</TITLE></HEAD>");
		pout.println ("<BODY BGCOLOR='" + background + "' TEXT='" + foreground + "'>");
		pout.println ("This is an example of a servlet that uses HttpSession to store state info <p>\n");

		// Print form
		pout.println ("<form action='" + response.encodeUrl(request.getRequestURI()) + "' method=get>\n");
		pout.println ("Background : <input type=text name=background value='" + background + "'><br>\n");
		pout.println ("Foreground : <input type=text name=foreground value='" + foreground + "'><br>\n");
		pout.println ("<input type=submit>");
		pout.println ("</form>");
		
		pout.println ("<a href='" + response.encodeUrl ( request.getRequestURI() ) + "'>Hyperlink example of URL rewriting</a> - not supported by all servers");<!--Broken Link? -->
		pout.flush();

	}

	// Implemention of POST request
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException
	{
		// Pass to doGet
		doGet(request,response);
	}

	public String getDefaultBackground() { return "white"; }
	public String getDefaultForeground() { return "black"; }
}

Page 2 of 2

This article was originally published on October 26, 1999

Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

State and session tracking with Java servlets Part 2: Securing data

Enterprise Development Update

Most Popular Developer Stories

Most Commented On