UNIT III Host Objects : Browsers and the DOM-Introduction to the Document Object Model DOM History and

Le els-Intrinsic ! ent Handlin"-Modi#yin" !lement $tyle-The Document Tree-DOM ! ent Handlin"-%ccommodatin" Noncom&liant Browsers 'ro&erties o# window-(ase $tudy) $er er-$ide 'ro"rammin": *a a $er lets- %rchitecture -O er iew-% $er elet-+eneratin" Dynamic (ontent-Li#e (ycle- 'arameter Data-$essions-(oo,ies- U-L -ewritin"-Other (a&abilities-Data $tora"e $er lets and (oncurrency-(ase $tudy--elated Technolo"ies) Document Object Model: Introduction: The Document Object Model is a &lat#orm- and lan"ua"e-neutral inter#ace that will allow &ro"rams and scri&ts to dynamically access and u&date the content. structure and style o# documents) /hen we see a document usin" a browser. DOM &resents documents as a hierarchy o# HTML or 0ML objects in the document) This hierarchy structure ma,es it &ossible #or &ro"rammers or browsers to access and delete. add. or edit their content. attributes and style) The DOM ma,es it &ossible #or &ro"rammers to write a&&lications which wor, &ro&erly on all browsers and ser ers and on all &lat#orms)

/hat is DOM1 The DOM is a /2( 3/orld /ide /eb (onsortium4 standard) The DOM de#ines a standard #or accessin" documents li,e 0ML and HTML: 5The /2( Document Object Model 3DOM4 is a &lat#orm and lan"ua"e-neutral inter#ace that allows &ro"rams and scri&ts to dynamically access and u&date the content. structure. and style o# a document)5 The DOM is se&arated into 2 di##erent &arts 6 le els:

(ore DOM - standard model #or any structured document 0ML DOM - standard model #or 0ML documents HTML DOM - standard model #or HTML documents

DOM History The DOM ori"inated as a s&eci#ication to allow *a a$cri&t scri&ts and *a a &ro"rams to be &ortable amon" /eb browsers) 5Dynamic HTML5 was the immediate ancestor o# the Document Object Model. and it was ori"inally thou"ht o# lar"ely in terms o# browsers) Howe er. when the DOM /or,in" +rou& was #ormed at /2(. it was also joined by endors in other domains. includin" HTML or 0ML editors and document re&ositories) $e eral o# these endors had wor,ed with $+ML be#ore 0ML was de elo&ed7 as a result. the DOM has been in#luenced by $+ML +ro es and the HyTime standard) $ome o# these endors had also de elo&ed their own object models #or documents in order to &ro ide an %'I #or $+ML60ML editors or document re&ositories. and these object models ha e also in#luenced the DOM) The /orld /ide /eb (onsortium 3/2(4 de elo&ed the /2( Document Obeject Model in res&onse to the de elo&ment o# arious &ro&rietary models #or HTML. &articularly those used in /eb Browsers) /2( be"an de elo&ment o# the DOM in mid-899:s) %lthou"h the /2( ne er &roduced a s&eci#ication #or DOM :. it was nonetheless a &artially documented model and was included in the s&eci#ication o# HTML;) By October 899<. the #irst s&eci#ication o# DOM 3DOM 84 was released) DOM = was issued in No ember =:::. with s&eci#ics on the style sheet object model and style in#ormation mani&ulation) DOM 2 was released in %&ril =::; and is the current release o# the DOM s&eci#ication)

Levels of DOM The /2( DOM s&eci#ications are di ided into le els. each o# which contains re>uired and o&tional modules) To claim to su&&ort a le el. an a&&lication must im&lement all the re>uirements o# the claimed le el and le els below it) %s o# =::?. Le el 8. Le el =. and some modules o# Le el 2 are /2( -ecommendations which means they ha e reached their #inal #orm)

DOM Le el 8 $&eci#ications Document Object Model Le el 8 is a &lat#orm- and lan"ua"e-neutral inter#ace that allows &ro"rams and scri&ts to dynamically access and u&date the content. structure and style o# documents) The Document Object Model &ro ides a standard set o# objects #or re&resentin" HTML and 0ML documents. a standard model o# how these objects can be combined. and a standard inter#ace #or accessin" and mani&ulatin" them) @endors can su&&ort the DOM as an inter#ace to their &ro&rietary data structures and %'Is. and content authors can write to the standard DOM inter#aces rather than &roduct-s&eci#ic %'Is. thus increasin" intero&erability on the /eb) The "oal o# the DOM s&eci#ication is to de#ine a &ro"rammatic inter#ace #or 0ML and HTML) The DOM Le el 8 s&eci#ication is se&arated into two &arts: (ore and HTML) The (ore DOM Le el 8 section &ro ides a low-le el set o# #undamental inter#aces that can re&resent any structured document. as well as de#inin" eAtended inter#aces #or re&resentin" an 0ML document) These eAtended 0ML inter#aces need not be im&lemented by a DOM im&lementation that only &ro ides access to HTML documents7 all o# the #undamental inter#aces in the (ore section must be im&lemented) % com&liant DOM im&lementation that im&lements the eAtended 0ML inter#aces is re>uired to also im&lement the #undamental (ore inter#aces. but not the HTML inter#aces) The HTML Le el 8 section &ro ides additional. hi"her-le el inter#aces that are used with the #undamental inter#aces de#ined in the (ore Le el 8 section to &ro ide a more con enient iew o# an HTML document) % com&liant im&lementation o# the HTML DOM im&lements all o# the #undamental (ore inter#aces as well as the HTML inter#aces)

DOM Le el = $&eci#ications The Document Object Model Le el = s&eci#ication re#lects cross-industry a"reement on a standard %'I 3%&&lications 'ro"rammin" Inter#ace4 #or mani&ulatin" documents and data throu"h a &ro"rammin" lan"ua"e 3such as *a a4) (reated and de elo&ed by the /2( Document Object Model 3DOM4 /or,in" +rou&. this s&eci#ication eAtends the &lat#orm- and lan"ua"e-neutral inter#ace to access and u&date dynamically a documentBs content. structure. and style #irst described by the DOM Le el 8 -ecommendation) The DOM Le el = &ro ides a standard set o# objects #or re&resentin" !Atensible Mar,u& Lan"ua"e 30ML4 documents and data. includin" names&ace su&&ort. a style sheet &lat#orm which adds su&&ort #or ($$ 8 and =. a standard model o# how these objects may be combined. and a standard inter#ace #or accessin" and mani&ulatin" them) DOM Le el 8 was desi"ned #or HTML ;): and 0ML 8):) /ith DOM Le el =. authors can ta,e #urther ad anta"e o# the eAtensibility o# 0ML) $im&ly &ut. anywhere you use 0ML. you can now use the DOM to mani&ulate it) The standard DOM inter#ace ma,es it &ossible to write so#tware 3similar to &lu"-ins4 #or &rocessin" customiCed ta"-sets in a lan"ua"e- and &lat#orm-inde&endent way) % standard %'I ma,es it easier to de elo& modules that can be re-used in di##erent a&&lications) DOM Le el = &ro ides su&&ort #or 0ML names&aces. eAtendin" and im&ro in" the 0ML &lat#orm) %s more sites mo e to 0ML #or content deli ery. DOM Le el = emer"es as a critical tool #or de elo&in" dynamic /eb content) The DOM de#ines a standard %'I that allows authors to write &ro"rams that wor, without chan"es across tools and browsers #rom di##erent endors) But beyond this. it &ro ides a uni#orm way to &roduce &ro"rams that wor, across a ariety o# di##erent de ices. so all may bene#it #rom dynamically "enerated content)

The DOM Le el = (ascadin" $tyle $heet 3($$4 %'I ma,es it &ossible #or a scri&t author to access and mani&ulate style in#ormation associated with contents. while &reser in" accessibility) In web de elo&ment. (ascadin" $tyle $heets 3($$4 is a stylesheet lan"ua"e used to describe the &resentation o# a document written in a mar,u& lan"ua"e) Its most common a&&lication is to style web &a"es written in HTML and 0HTML. but the lan"ua"e can be a&&lied to any ,ind o# 0ML document. includin" $@+ and 0UL) ($$ is used by both the authors and readers o# web &a"es to de#ine colors. #onts. layout. and other as&ects o# document &resentation) It is desi"ned &rimarily to enable the se&aration o# document content 3written in HTML or a similar mar,u& lan"ua"e4 #rom document &resentation 3written in ($$4) This se&aration can im&ro e content accessibility. &ro ide more #leAibility and control in the s&eci#ication o# &resentational characteristics. and reduce com&leAity and re&etition in the structural content) ($$ can also allow the same mar,u& &a"e to be &resented in di##erent styles #or di##erent renderin" methods. such as on-screen. in &rint. by oice 3when read out by a s&eech-based browser or screen reader4 and on Braille-based. tactile de ices) ($$ s&eci#ies a &riority scheme to determine which style rules a&&ly i# more than one rule matches a"ainst a &articular element) In this so-called cascade. &riorities or wei"hts are calculated and assi"ned to rules. so that the results are &redictable) DOM Le el 2 $&eci#ications The Document Object Model ! ents Le el 2. a &lat#orm- and lan"ua"e-neutral inter#ace that allows &ro"rams and scri&ts to dynamically access and u&date the content. structure and style o# documents) The "oal o# the DOM Le el 2 ! ents s&eci#ication is to eA&and u&on the #unctionality s&eci#ied in the DOM Le el = ! ent $&eci#ication)

The s&eci#ication does this by addin" new inter#aces which are com&limentary to the inter#aces de#ined in the DOM Le el = ! ent $&eci#ication as well as addin" new e ent sets to those already de#ined) This s&eci#ication re>uires the &re iously desi"ned inter#aces in order to be #unctional) It is not desi"ned to be standalone) These inter#aces are not desi"ned to su&ercede the inter#aces already &ro ided but instead to add to the #unctionality contained within them) DOM ! ents allow e ent-dri en &ro"rammin" lan"ua"es li,e *a a$cri&t. *$cri&t. !(M%$cri&t. @B$cri&t and *a a to re"ister arious e ent handlers6listeners on the element nodes inside a DOM tree. e)") HTML. 0HTML. 0UL and $@+ documents) (ommon6/2( e ents that can be "enerated by most element nodes: Mouse e ents Deyboard e ents HTML #rame6object e ents HTML #orm e ents User inter#ace e ents Mutation e ents 3noti#ication o# any chan"es to the structure o# a document4

DOM Tree DOM de#ines a lo"ical tree-structure #or an 0ML document) The basic buildin" bloc, o# the tree-structure is a node) Nodes are "eneric containers that hold in#ormation about the elements. attributes. content. comments and &rocessin" instructions that are stored in an 0ML document) %n 0ML document can be iewed as a sin"le node that contains all the other nodes)

(onsider the #ollowin" code sni&&et: EhtmlF EheadF EtitleFThis is $han,arE6titleF E6headF Ebody b"colotGredF Eh8F$han,arE6h8F E&FDOM TreeE6&F E6bodyF E6htmlF This code is re&resented by usin" 0ML DOM. as shown below:

Di##erence between $%0 and DOM

$%0 is read only . DOM is read and write both) $%0 is #orward only where as DOM can access both was #orward as well as bac,wards) $%0 is an e ent based &arser. but DOM is not) $%0 &arses the #ile as it reads where as the DOM loads the #ile into memory to &arse the #ile) $%0 does not ha e memory constraints where as the DOM has memory constraints as Aml #ile is loaded into the memory to &arse the #ile)

%d anta"es o# HTML DOM

-obust %'I #or DOM tree) -elati ely sim&le to modi#y the data structure and eAtract data)

Disad anta"es o# HTML DOM

$tores the entire document in memory) %s DOM was written #or any lan"ua"e. method namin" con entions donBt #ollow standard ja a &ro"rammin" con entions

Handling events with the DOM There are two basic ways o# assi"nin" an e ent handler) The #irst. most used. and certainly obtrusi e techni>ue is embeddin" it directly into the HTML mar,u&. while the second is just includin" the e ent handler within the own &iece o# *a a$cri&t code) De#initely. this last one is the recommended a&&roach. since it allows us to maintain the HTML and the *a a$cri&t &ieces residin" in di##erent layers. ma,in" the code much more #leAible and &ortable) LetHs illustrate the #irst a&&roach. insertin" the e ent handler inside its own HTML ta". a&&endin" it as a re"ular attribute: Ea hre#G5htt&:66www)de articles)com5 titleG5O&ens lin, in a new window5 onclic,G5window)o&en3Bhtt&:66www)de articles)comB47return #alse75F(lic, here #or "reat /eb De elo&ment articlesE6aF In the abo e eAam&le. weH e embedded the e ent handler alon" with the *a a$cri&t code to be eAecuted) %s we can see. the HTML mar,u& is rather dirty usin" the inline a&&roach) Now. letHs im&lement the same #unctionality. this time by insertin" the e ent handler within the *a a$cri&t code) Li,e this: Escri&t lan"ua"eG5ja ascri&t5F o&enLin,G#unction34I ar de lin,Gdocument)"et!lementById3Bde lin,B47 de lin,)onclic,G#unction34I

window)o&en3Bhtt&:66www)de articles)comB47 return #alse7 J J window)onloadGo&enLin,7 E6scri&tF

%nd rewritin" the HTML mar,u&. in the #ollowin" manner: Ea hre#G5htt&:66www)de articles)com5 titleG5O&ens lin, in a new window5 idG5de lin,5F(lic, here #or "reat /eb De elo&ment articlesE6aF %n eA&lanation is in order here) In this second eAam&le. weH e built a com&letely se&arate scri&t. inserted the 5onclic,5 e ent handler within the 5o&enLin,345 #unction. and then eAecuted the scri&t when the &a"e is loaded 3utiliCin" 5onload5. another e ent handler4) Note how we ha e dynamically attached a new #unction to the lin,. without the need o# declarin" the #unction name) Undoubtedly. this last techni>ue is much better and cleaner than the #irst one) Now weH e "ras&ed the "eneral conce&t #or assi"nin" e ent handlers) Ha in" eA&lained the two con entional ways to assi"n e ent handlers. letHs "o one ste& #urther and learn a little more about the manner the DOM handles e ents)

Understanding the DOM event flow: Event Capture and Event Bubble Detectin" e ents and assi"nin" the &ro&er e ent handlers with the DOM is really a strai"ht#orward &rocess. introducin" a new manner #or doin" this) /hatHs more. the two con entional a&&roaches &re iously described are &er#ectly su&&orted and alid) Kor a com&lete understandin" o# assi"nin" e ent handlers with the DOM. itHs really necessary #irst to eA&lain the way that e ents are handled within its conteAt) LetHs assume weHre re&resentin" an eAtremely common situation. where the user &asses the mouse o er a re"ular lin, &resent in a /eb document) Krom a userHs &oint o# iew. the &rocess consists o# just ho erin" on the lin, and thatHs all)

'eriod) On the other hand. #or the DOM. thin"s are more com&leA and technical. "eneratin" a set o# &rocesses that in ol es two &hases. called ! ent (a&turin" and ! ent Bubblin" res&ecti ely)

%ccordin" to the &re ious eAam&le. when a user is &assin" the mouse o er the lin,. these are the e ents that ta,e &lace. in the #ollowin" order:

The user mo es the mouse o er the document) The user mo es the mouse o er any ta" containin" the tar"et EaF element) The user mo es the mouse o er the s&eci#ic tar"et EaF element)

The two &rocesses &rior to reachin" the tar"et EaF element are de#ined as ta,in" &lace at the e ent ca&turin" &hase) Once the e ent has reached the tar"et. it tra els bac, in the #ollowin" way:

The user mo es the mouse o er any ta" containin" the tar"et EaF element) The user mo es the mouse o er the document)

The two last ste&s in ol e the e ent bubblin" &hase) %s we can see. the com&lete &rocess. includin" the two &hases. is >uite len"thy. and considerably di##erent #rom a userHs &oint o# iew) In order to clari#y this eA&lanation. here are a cou&le o# dia"rams that show the entire e ent. as inter&reted by theDOM:

The abo e ima"es illustrate the e ent ca&turin" and the e ent bubble &hases. accordin" to the model im&lemented by the /2(DOM) %s weHll see shortly. there are si"ni#icant di##erences between the way that todayHs browsers su&&ort e ent bubblin" and e ent ca&turin")

nline and s!ripted event handlers into a!tion

Indeed. inline e ent handlers ha e been in use #or a lon" time) %s a&&lications became more com&leA. a clear need de elo&ed to im&lement HTML and *a a$cri&t code in di##erent layers) %lthou"h basic. itHs >uite use#ul to demonstrate how e ent &hases are handled with inline e ent handlers) HereHs is a sam&le o# this: Edi idG5testdi 5 onclic,G5alert3B-eactin" to ! ent bubble &haseB475F E&FEa hre#G5L5F(lic, here acti ate the alert methodE6aFE6&F E6di F In the &re ious eAam&le. weH e attached the 5onclic,5 e ent handler to the Edi F element. instead o# assi"nin" it directly to the lin,) Howe er. i# weHre usin" a browser that su&&orts e ent bubble. by just clic,in" on the EaF element. the e ent will tra erse the &ara"ra&h. reachin" the Edi F element and #irin" u& the 5alert5 boA) Howe er. since messin" u& HTML with *a a$cri&t is not recommended. the sam&le mi"ht be rewritten as #ollows: Escri&t lan"ua"eG5ja ascri&t5F ar di Gdocument)"et!lementById3Btestdi B47 di )onclic,G#unction34I alert3B-eactin" to ! ent bubble &haseB47 J E6scri&tF

%nd the HTML would be reduced to this: Edi idG5testdi 5F E&FEa hre#G5L5F(lic, here acti ate the alert methodE6aFE6&F E6di F Kor both cases. the result is the same. but the last one is de#initely the way to "o. since we remo ed the inline e ent handler #rom the HTML) %t this &oint. weH e &layin" around with some core de#initions. eA&lainin" di##erent techni>ues #or assi"nin" e ent handlin" that ha e been in use #or a lon" time. ho&e#ully as a reminder #or choosin" the ri"ht method when weHre dealin" with e ent handlers nowadays) In the browser arena. not so sur&risin"ly. Nestca&e and Microso#t came u& with di##erent conclusions #or e ent handlin") Netsca&eHs a&&roach was ori"inally based in the ca&ture &hase. establishin" that any e ent should be handled when the e ent was tra ersin" the /eb document. "oin" throu"h all o# the containin" elements. until reachin" the tar"et) On the other hand. Microso#t branched to the e ent bubble direction. s&eci#yin" that e ents should ta,e &recedence at the bubble &hase) %s we can see. the two models are radically o&&osed) Netsca&e ; only su&&orts e ent ca&turin". while Internet !A&lorer only su&&orts e ent bubblin") MoCilla. O&era M and Don>ueror su&&ort both a&&roaches) Older ersions o# O&era and i(ab su&&ort neither) /eHll see more e ent handlin" browser im&lementations in more detail shortly) %s an introductory &rocess. itHs more than enou"h) Traditional ways of assigning event handlers LetBs #irst re iew 3#or most o# us. at least4 the = common and con entional ways o# settin" u& an e ent handler- ia HTML. or scri&tin") In both cases. a #unction or code is attached at the end. which is eAecuted when the handler detects the s&eci#ied e ent) 84 @ia HTML. usin" attributes /e can de#ine an e ent handler directly inside the rele ant HTML ta". by embeddin" it as a attribute) % &iece o# *a a$cri&t is also included to tell the browser to &er#orm somethin" when the e ent occurs) Kor eAam&le.

Ea hre#G5htt&:66#reewareja a)com5 onMouseo erG5window)statusGB(lic, here #or *a a a&&letsB7return true5 onMouseoutG5window)statusGBB5FKreewareja a)comE6aF Demo: Here the e ent handler 3onMouseo er4 is directly added inside the desired element 3%4. alon" with the *a a$cri&t to eAecute)

=4 @ia scri&tin" Nou can also assi"n and set u& e ent handlers to elements usin" scri&tin". and inside your scri&t ) This allows #or the e ent handlers to be dynamically set u&. without ha in" to mess around with the HTML codes on the &a"e) /hen settin" u& e ent handlers #or an element directly inside your scri&t. the code to eAecute #or the e ents must be de#ined inside a #unction) *ust loo, at the below. which does the same thin" as abo e. but with the e ent handler de#ined usin" scri&tin": Ea IDG5test5 hre#G5htt&:66#reewareja a)com5FKreewareja a)comE6aF Escri&t ty&eG5teAt6ja ascri&t5F #unction chan"estatus34I window)statusG5(lic, here #or *a a a&&lets5 return true J #unction chan"ebac,status34I window)statusGBB J document)"et!lementById35test54)onmouseo erGchan"estatus document)"et!lementById35test54)onmouseoutGchan"ebac,status E6scri&tF

! ent Handlers: onclic,: onload: Use this to in o,e *a a$cri&t u&on clic,in" 3a lin,. or #orm boAes4 Use this to in o,e *a a$cri&t a#ter the &a"e or an ima"e has #inished loadin")

onmouseo er: Use this to in o,e *a a$cri&t i# the mouse &asses by some lin, onmouseout: onunload: Use this to in o,e *a a$cri&t i# the mouse "oes &ass some lin, Use this to in o,e *a a$cri&t ri"ht a#ter someone lea es this &a"e)

%ccommodatin" Non-(om&liant Browser

This is used chec, the browser com&atibility mode and dis&lay the web &a"e based on the com&atibility) I# there is no &ossibility to dis&lay the web &a"e in s&eci#ied #ormat then the &a"e itsel# shows error messa"e indicatin" that the browser you are usin" is not su&&orted by the current &a"e use s&eci#ied browser to dis&lay the web &a"e) !Aam&le:

This is 6www)ildashboard)com site is s&eci#ically desi"ned #or Internet !A&lorer 3I!4) i# we try to o&en this website in KireKoA3KK4 then you will "et error messa"e) Our %&&lication detected that you are usin" browser other than I!O and abo e) This website has been desi"ned to best #it with Internet eA&lorer O): and abo e)

Nour browser Detail : Ty&e G Kire#oA2)O)8?

Name G Kire#oA @ersion G 2)O)8?

Major @ersion G 2 Minor @ersion G :)O 'lat#orm G /inNT Is Beta G Kalse Is (rawler G Kalse Is %OL G Kalse Is /in8O G Kalse Is /in2= G True $u&&orts Krames G True $u&&orts Tables G True $u&&orts (oo,ies G True $u&&orts @B$cri&t G Kalse $u&&orts *a a$cri&t G 8); $u&&orts *a a %&&lets G True $u&&orts %cti e0 (ontrols G Kalse

Dete!ting Host Ob"e!ts % #amous eAam&le o# this s&eci#ication allowance 3ta,en to a &er erse eAtreme4 is the case o# host objects in Internet !A&lorer that are im&lemented as %cti e0 objects) $im&ly e aluatin" their methods 3as well as some &ro&erties4 will cause an eAce&tion to be thrown)

ar el G document)create!lement3Bdi B47 ar &arent G el)o##set'arent7 66 I! throws an eAce&tion here i# 3window)eAternal PP window)eAternal)addKa orite4 I 66 Thou"h the method eAists. I! will ne er "et here window)alert3BKound itQB47 J else I window)alert3BNo such object or methodB47 J

*a a $cri&t Browser Detection Edi idG5eAam&le5FE6di F Escri&t ty&eG5teAt6ja ascri&t5F tAt G 5E&FBrowser (odeName: 5 R na i"ator)a&&(odeName R 5E6&F57 tAtRG 5E&FBrowser Name: 5 R na i"ator)a&&Name R 5E6&F57 tAtRG 5E&FBrowser @ersion: 5 R na i"ator)a&&@ersion R 5E6&F57 tAtRG 5E&F(oo,ies !nabled: 5 R na i"ator)coo,ie!nabled R 5E6&F57 tAtRG 5E&F'lat#orm: 5 R na i"ator)&lat#orm R 5E6&F57 tAtRG 5E&FUser-a"ent header: 5 R na i"ator)user%"ent R 5E6&F57 document)"et!lementById35eAam&le54)innerHTMLGtAt7 E6scri&tF #erver$#ide %rogra&&ing Introduction to *a a $er lets $er let: a ja a &ro"ram that runs within the web ser er) Bi" a&&lets re>uire lon" download time %&&lets do not ha e access to all the system resources $er er-side *a a sol es &roblems that a&&lets #ace o (ode eAecuted on the ser er side and only the results sent to client o $er lets can access le"acy a&&lications and data sources $er lets are "eneric eAtensions to *a a-enabled ser ers $er lets are secure. &ortable. and easy to use re&lacement #or (+I $er let is a dynamically loaded module that ser ices re>uests #rom a /eb ser er $er lets are eAecuted within the *a a @irtual Machine Because the ser let is runnin" on the ser er side. it does not de&end on browser com&atibility $er let %rchitecture Two &ac,a"es ma,e u& the ser let architecture ja aA)ser let (ontains "eneric inter#aces and classes that are im&lemented and eAtended by all ser lets

 ja aA)ser let)htt& (ontains classes that are eAtended when creatin" HTT'-s&eci#ic ser lets

The heart o# ser let architecture is the inter#ace class ja aA)ser let)$er let It &ro ides the #ramewor, #or all ser lets De#ines #i e basic methods Sinit. ser ice. destroy. "et$er let(on#i" and "et$er letIn#o

-ead eA&licit data sent by client 3#orm data4 -ead im&licit data sent by client 3re>uest headers4 +enerate the results $end the eA&licit data bac, to client 3HTML4 $end the im&licit data to client3status codes and res&onse headers4

Li#e (ycle o# $er let The li#e cycle o# a ser let is controlled by the container in which the ser let has been de&loyed) /hen a re>uest is ma&&ed to a ser let. the container &er#orms the #ollowin" ste&s) 8) I# an instance o# the ser let does not eAist. the /eb container a) Loads the ser let class) b) (reates an instance o# the ser let class) c) InitialiCes the ser let instance by callin" the init method) =) In o,es the service method. &assin" a re>uest and res&onse object) $er let Li#e (ycle Methods The #ollowin" are the li#e cycle methods o# a ser let instance:

init34 ser ice34 destroy34

/e will loo, into the each method in detail) init34 This method is called once #or a ser let instance) /hen #irst time ser let is called. ser let container creates instance o# that ser let and loaded into the memory) Kuture re>uests will be ser ed by the same instance without creatin" the new instance) $er let by de#ault multithreaded a&&lication)init34 method is used #or inilialiCin" ser let ariables which are re>uired to be &assed #rom the de&loyment descri&tor web)Aml) $er let(on#i" is &assed as the &arameter to init34 method which stores all the alues con#i"ured in the web)Aml) It is more con enient way to initialiCe the ser let) ser ice34 This method is called #or the each re>uest) This is the entry &oint #or the e ery ser let re>uest and here we ha e to write our businesslo"ic or any other &rocesses) This method ta,es Htt&$er let-e>uest and Htt&$er letres&onse as the &arameters) It is not mandatory to write this method. normally de elo&ers are interested in writin" do+et34 or do'ost34 methods which is by de#ault called #rom the ser ice34 method) I# you o erride ser ice34. it is your re&onsibility to call the

a&&ro&riate methods) I# you are not o erridden the ser ice34 method. based on the ty&es o# the re>uest the methods will be called)

destroy34 This method will be called once #or a instance) It is used #or releasin" any resources used by the ser let instance) Most o# the times it could be database connections. Kill IO o&erations. etc) destroy34 is called by the container when it is remo in" the instance #rom the ser let container) $er let instance is deleted or "arba"e collected by the container only when the web ser er issues shut down or the instance is not used #or a lon" time)

$er lets $te& by $te& Hello (lient$er let)ja a 8: im&ort ja a)io)T7 =: im&ort ja aA)ser let)T7 2: im&ort ja aA)ser let)htt&)T7

;: ?: &ublic class Hello(lient$er let eAtends Htt&$er let O: I M: &rotected oid do+et3Htt&$er let-e>uest re>. <: Htt&$er let-es&onse res4 9: throws $er let!Ace&tion. IO!Ace&tion 8:: I 88: res)set(ontentTy&e35teAt6html547 8=: 'rint/riter out G res)"et/riter347 82: out)&rintln35EHTMLFEH!%DFETITL!FHello (lientQE6TITL!F5R 8;: 5E6H!%DFEBODNFHello (lientQE6BODNFE6HTMLF547 8?: out)close347 8O: J 8M: 8<: &ublic $trin" "et$er letIn#o34 89: I =:: return 5Hello(lient$er let 8): by $te#an Uei"er57 =8: J ==: J

how the $er let wor,s) Lines 8 to 2 im&ort some &ac,a"es which contain many classes which are used by the $er let 3almost e ery $er let needs classes #rom these &ac,a"es4) 8: im&ort ja a)io)T7 =: im&ort ja aA)ser let)T7 2: im&ort ja aA)ser let)htt&)T7 The $er let class is declared in line ?) Our $er let eAtends ja aA)ser let)htt&)Htt&$er let. the standard base class #or HTT' $er lets) ?: &ublic class Hello(lient$er let eAtends Htt&$er let In lines M throu"h 8O Htt&$er letBs do+et method is "ettin" o erridden) M: &rotected oid do+et3Htt&$er let-e>uest re>. <: Htt&$er let-es&onse res4 9: throws $er let!Ace&tion. IO!Ace&tion 8:: I ))) 8O: J

In line 88 we use a method o# the Htt&$er let-es&onse object to set the content ty&e o# the res&onse that we are "oin" to send) %ll res&onse headers must be set be#ore a 'rint/riter or $er letOut&ut$tream is re>uested to write body data to the res&onse) 88: res)set(ontentTy&e35teAt6html547

In line 8= we re>uest a 'rint/riter object to write teAt to the res&onse messa"e) 8=: 'rint/riter out G res)"et/riter347

In lines 82 and 8; we use the 'rint/riter to write the teAt o# ty&e teAt6html 3as s&eci#ied throu"h the content ty&e4) 82: 8;: out)&rintln35EHTMLFEH!%DFETITL!FHello (lientQE6TITL!F5R 5E6H!%DFEBODNFHello (lientQE6BODNFE6HTMLF547

The 'rint/riter "ets closed in line 8? when we are #inished writin" to it) 8?: out)close347

This line is included #or com&leteness) It is not strictly necessary) The /eb $er er closes the 'rint/riter or $er letOut&ut$tream automatically when a ser ice call returns) %n eA&licit call to close34 is use#ul when you want to do some &ost-&rocessin" a#ter the res&onse to the client has been #ully written) (allin" close34 tells the /eb $er er that the res&onse is #inished and the connection to the client may be closed as well) In lines 8< throu"h =8 we o erride the "et$er letIn#o34 method which is su&&osed to return in#ormation about the $er let. e)") the $er let name. ersion. author and co&yri"ht notice) This is not re>uired #or the #unction o# the Hello(lient$er let but can &ro ide aluable in#ormation to the user o# a $er let who sees the returned teAt in the administration tool o# the /eb $er er) 8<: &ublic $trin" "et$er letIn#o34 89: I =:: return 5Hello(lient$er let 8): by $te#an Uei"er57 =8: J %d anta"es o# $er lets !##iciency More e##icient Suses li"htwei"ht ja a threads as o&&osed to indi idual &rocesses 'ersistency $er lets remain in memory $er lets can maintain state between re>uests

 'ortability $ince ser lets are written in *a a. they are &lat#orm inde&endent -obustness !rror handlin". +arba"e collector to &re ent &roblems with memory lea,s Lar"e class library Snetwor,. #ile. database. distributed object com&onents. security. etc) !Atensibility (reatin" new subclasses that suite your needs Inheritance. &olymor&hism. etc) $ecurity $ecurity &ro ided by the ser er as well as the *a a $ecurity Mana"er !liminates &roblems associated with eAecutin" c"i scri&ts usin" o&eratin" system VshellsW 'ower#ul $er lets can directly tal, to web ser er Kacilitates database connection &oolin". session trac,in" etc) (on enient 'arsin" and decodin" HTML #orm data. readin" and settin" HTT' headers. handlin" coo,ies. etc) Methods in Htt&$er let There are M methods &resent in the Htt&$er let) do+et34) do'ost34 do'ut34) doTrace34 doDelete34 doHead34 doO&tions34 i)

do+et &rotected oid do+et3Htt&$er let-e>uest re>. Htt&$er let-es&onse res&4 throws $er let!Ace&tion. IO!Ace&tion 'er#orms the HTT' +!T o&eration7 the de#ault im&lementation re&orts an HTT' B%DX-!YU!$T error) O erridin" this method to su&&ort the +!T o&eration also automatically su&&orts the H!%D o&eration) 3H!%D is a +!T that returns no body in the res&onse7 it just returns the re>uest H!%Der #ields)4 $er let writers who o erride this method should read any data #rom the re>uest. set entity headers in the res&onse. access the writer or out&ut stream. and. #inally. write any res&onse data) The headers that are set should include content ty&e. and encodin") I# a writer is to be used to write res&onse data. the content ty&e must be set be#ore the writer is accessed) In

"eneral. the ser let im&lementor must write the headers be#ore the res&onse data because the headers can be #lushed at any time a#ter the data starts to be written) $ettin" content len"th allows the ser let to ta,e ad anta"e o# HTT' 5connection ,ee& ali e5) I# content len"th can not be set in ad ance. the &er#ormance &enalties associated with not usin" ,ee& ali es will sometimes be a oided i# the res&onse entity #its in an internal bu##er) !ntity data written #or a H!%D re>uest is i"nored) $er let writers can. as a sim&le &er#ormance o&timiCation. omit writin" res&onse data #or H!%D methods) I# no res&onse data is to be written. then the content len"th #ield must be set eA&licitly) The +!T o&eration is eA&ected to be sa#e: without any side e##ects #or which users mi"ht be held res&onsible) Kor eAam&le. most #orm >ueries ha e no side e##ects) -e>uests intended to chan"e stored data should use some other HTT' method) 3There ha e been cases o# si"ni#icant security breaches re&orted because web-based a&&lications used +!T ina&&ro&riately)4 The +!T o&eration is also eA&ected to be idem&otent: it can sa#ely be re&eated) This is not >uite the same as bein" sa#e. but in some common eAam&les the re>uirements ha e the same result) Kor eAam&le. re&eatin" >ueries is both sa#e and idem&otent 3unless &ayment is re>uiredQ4. but buyin" somethin" or modi#yin" data is neither sa#e nor idem&otent)

'arameters: re> - Htt&$er let-e>uest that enca&sulates the re>uest to the ser let res& - Htt&$er let-es&onse that enca&sulates the res&onse #rom the ser let Throws: IO!Ace&tion i# detected when handlin" the re>uest Throws: $er let!Ace&tion i# the re>uest could not be handled $yntaA o# Usin" do+et &ublic oid do+et 3Htt&$er let-e>uest re>uest.Htt&$er let-es&onse res&onse4 throws $er let!Ace&tion. IO!Ace&tion I )))ser let code "oes here))) J ii)

do'ost &rotected oid do'ost3Htt&$er let-e>uest re>. Htt&$er let-es&onse res&4 throws $er let!Ace&tion. IO!Ace&tion 'er#orms the HTT' 'O$T o&eration7 the de#ault im&lementation re&orts an HTT' B%DX-!YU!$T error) $er let writers who o erride this method should read any data #rom the re>uest 3#or eAam&le. #orm &arameters4. set entity headers in the res&onse. access the

writer or out&ut stream and. #inally. write any res&onse data usin" the ser let out&ut stream) The headers that are set should include content ty&e. and encodin") I# a writer is to be used to write res&onse data. the content ty&e must be set be#ore the writer is accessed) In "eneral. the ser let im&lementor must write the headers be#ore the res&onse data because the headers can be #lushed at any time a#ter the data starts to be written) I# HTT'68)8 chun,ed encodin" is used 3that is. i# the trans#er-encodin" header is &resent4. then the content-len"th header should not be set) Kor HTT'68)8 communications that do not use chun,ed encodin" and HTT' 8): communications. settin" content len"th allows the ser let to ta,e ad anta"e o# HTT' 5connection ,ee& ali e5) Kor just such communications. i# content len"th can not be set. the &er#ormance &enalties associated with not usin" ,ee& ali es will sometimes be a oided i# the res&onse entity #its in an internal bu##er) This method does not need to be either 5sa#e5 or 5idem&otent5) O&erations re>uested throu"h 'O$T can ha e side e##ects #or which the user can be held accountable) $&eci#ic eAam&les includin" u&datin" stored data or buyin" thin"s online)

'arameters: re> - Htt&$er let-e>uest that enca&sulates the re>uest to the ser let res& - Htt&$er let-es&onse that enca&sulates the res&onse #rom the ser let Throws: IO!Ace&tion i# detected when handlin" the re>uest Throws: $er let!Ace&tion i# the re>uest could not be handled $yntaA o# Usin" do'ost &ublic oid do'ost 3Htt&$er let-e>uest re>uest.Htt&$er let-es&onse res&onse4 throws $er let!Ace&tion. IO!Ace&tion I )))ser let code "oes here))) J iii)

do'ut &rotected oid do'ut3Htt&$er let-e>uest re>. Htt&$er let-es&onse res&4 throws $er let!Ace&tion. IO!Ace&tion 'er#orms the HTT' 'UT o&eration7 the de#ault im&lementation re&orts an HTT' B%DX-!YU!$T error) The 'UT o&eration is analo"ous to sendin" a #ile ia KT') $er let writers who o erride this method must res&ect any (ontent-T headers sent with the re>uest) 3These headers include content-len"th. content-ty&e. content-trans#er-encodin". content-encodin". content-base. content-lan"ua"e. content-location. content-MD?. and content-ran"e)4 I# the subclass cannot honor a content header. then it must issue an error res&onse 3?:84 and discard the re>uest) Kor more in#ormation. see the HTT' 8)8 -K()

This method does not need to be either 5sa#e5 or 5idem&otent5) O&erations re>uested throu"h 'UT can ha e side e##ects #or which the user can be held accountable) %lthou"h not re>uired. ser let writers who o erride this method may wish to sa e a co&y o# the a##ected U-I in tem&orary stora"e)

'arameters: re> - Htt&$er let-e>uest that enca&sulates the re>uest to the ser let res& - Htt&$er let-es&onse that enca&sulates the res&onse #rom the ser let Throws: IO!Ace&tion i# detected when handlin" the re>uest Throws: $er let!Ace&tion i# the re>uest could not be handled i )

doTrace

&rotected oid doTrace3Htt&$er let-e>uest re>. Htt&$er let-es&onse res&4 throws $er let!Ace&tion. IO!Ace&tion 'er#orms the HTT' T-%(! o&eration7 the de#ault im&lementation o# this method causes a res&onse with a messa"e containin" all o# the headers sent in the trace re>uest) This method is not ty&ically o erridden) 'arameters: re> - Htt&$er let-e>uest that enca&sulates the re>uest to the ser let res& - Htt&$er let-es&onse that enca&sulates the res&onse #rom the ser let Throws: IO!Ace&tion i# detected when handlin" the re>uest Throws: $er let!Ace&tion i# the re>uest could not be handled )

doDelete &rotected oid doDelete3Htt&$er let-e>uest re>. Htt&$er let-es&onse res&4 throws $er let!Ace&tion. IO!Ace&tion 'er#orms the HTT' D!L!T! o&eration7 the de#ault im&lementation re&orts an HTT' B%DX-!YU!$T error) The D!L!T! o&eration allows a client to re>uest a U-I to be remo ed #rom the ser er) This method does not need to be either 5sa#e5 or 5idem&otent5) O&erations re>uested throu"h D!L!T! can ha e side-e##ects #or which users may be held accountable) %lthou"h not re>uired. ser let writers who subclass this method may wish to sa e a co&y o# the a##ected U-I in tem&orary stora"e)

'arameters: re> - Htt&$er let-e>uest that enca&sulates the re>uest to the ser let res& - Htt&$er let-es&onse that enca&sulates the res&onse #rom the ser let

Throws: IO!Ace&tion i# detected when handlin" the re>uest Throws: $er let!Ace&tion i# the re>uest could not be handled

$essions The basic &remise o# sessions is that only a session ID is stored on the client) On the ser er. that ID is associated with other 5real world5 in#ormation such as a user name. sho&&in" cart etc) 3This is a di##erence com&ared to usin" 5raw5 coo,ies to store in#ormation such as a user name on the client)4 HTT' sessions ty&ically o&erate is as #ollows:

when a client #irst re>uests a &a"e where we need to start a session 3e)") the 5lo"in5 &a"e4. our ser er allocates a random session ID7 that session ID is then communicated bac, to the client7 whene er the client subse>uently re>uests a &a"e #rom our ser er 3or rele ant &ath #rom our ser er4. it sends bac, the same session ID7 on the ser er. we can associate in#ormation with that session ID7 on the ser er. we can e entually decide that the session has 5eA&ired5. and6or &ro ide the user with a means to manually tell our ser er to 5eA&ire5 the session) HTT' is the stateless &rotocol: it &ro ides no way #or the ser er to reco"niCe that a se>uence o# re>uests are all #rom the same client) 'ri acy ad ocates may consider this the #eature. but it causes &roblems because many web a&&lications arenBt stateless)

$ession Trac,in"

To su&&ort the so#tware that needs ,ee& trac, o# the state. *a a $er let technolo"y &ro ides an %'I #or mana"in" sessions and allows se eral mechanisms #or im&lementin" sessions) $ession trac,in" is a "reat thin") ! ery user can be associated with a ja aA)ser let)htt&)Htt&$ession object that ser lets can use to store or retrie e in#ormation about that user) %ny set o# arbitry can be sa ed by the *a a objects in a session object) Kor eAam&le. a user s session object &ro ides a con enient location #or a ser let to store the user s sho&&in" cart contents) Methods to Tra!' the #ession There are #our ty&es o# techni>ues used in ser let to handle the session which are as #ollows: 8)U-L -ewrittin" =)Hidden Korm Kieds

2)Htt& $ession ;)$ecure $oc,et Layer3$$L4

()U*L *ewritting Nou can a&&end some eAtra data on the end o# the each U-L that identi#ies the session. and the ser er can associate that session identi#ier with data it has stored about that session only) This is also an eAcellent solution. and e en has ad anta"e that it wor,s with the browsers that donBt su&&ort coo,ies or where the user has disabled coo,ies) Howe er. it has most o# same &roblems as coo,ies. namely that the ser er-side &ro"ram has a lot o# strai"ht#orward but tedious &rocessin" to do) In addition. you ha e to be ery care#ul that e ery U-L returned to user 3e en ia indirect means li,e Location #ields in ser er redirects4 has the eAtra in#ormation a&&ended) %nd. i# the user lea es session and comes bac, ia a boo,mar, or lin,. the session in#ormation can be lost)

+)Hidden ,or& ,ieds HTML #orms ha e an entry that loo,s li,e #ollowin": Ein&ut ty&eG5hidden5 nameG5session5 alueG5)))5F) This means that. when the #orm is submitted. the s&eci#ied name and alue are included in +!T or 'O$T data) This can be used to store in#ormation about the session) Howe er. it has the

major disad anta"e that it only wor,s i# e ery &a"e is dynamically "enerated. since the whole &oint is that each session has the uni>ue identi#ier) -)Http #ession The Htt&$ession inter#ace is im&lemented by the ser ices to &ro ide an association between an HTT' client and HTT' ser er) This association. or session. &ersists o er multi&le connection and6or re>uests durin" a "i en time &eriod) $essions are used to maintain the state and user identity across multi&le &a"e re>uests) % session can be maintained either by usin" the coo,ies or by U-L rewritin") To eA&ose whether the client su&&orts coo,ies. Htt&$ession de#ines the is(oo,ie$u&&ortDetermined method and an isUsin"(oo,ies method)

Htt&$ession de#ines the methods which store these ty&es o# data:

$tandard session &ro&erties. such as an identi#ier #or the session. and the conteAt #or the session) %&&lication layer data. accessed usin" this inter#ace and stored usin" the dictionary-li,e inter#ace)

.)#e!ure #o!'et Layer/##L0 The $ecure $oc,ets Layer &rotocol. or $$L. sits between a&&lication-le el &rotocol 3in this case HTT'4 and the low-le el trans&ort &rotocol 3#or the Internet. almost eAclusi ely T('6I'4) It handles the details o# the security mana"ement usin" &ublic ,ey cry&to"ra&hy to encry&t all client6ser er communication) $$L was introduced by Netsca&e with Netsca&e Na i"ator 8) It has since become the de #acto standard #or the secure online communications and #orms the basis o# he Trans&ort Layer $ecurity 3TL$4 &rotocol currently under de elo&ment by the Internet !n"ineerin" Tas, Korce) $$L @ersion =):. the ersion #irst to "ain the wides&read acce&tance. includes su&&ort #or ser er certi#icates only) It &ro ides the authentication o# the ser er. con#identiality. and inte"rity) HereBs how it wor,s:

% user connects to the secure site usin" the HTT'$ 3HTT' &lus $$L4 &rotocol) 3Nou can detect sites usin" the HTT'$ &rotocol because their U-Ls be"in with htt&s: instead o# htt&:)4 The ser er si"ns its &ublic ,ey with its &ri ate ,ey and sends it bac, to browser) The browser uses ser erBs &ublic ,ey to eri#y that the same &erson who si"ned the ,ey

actually owns it)

The browser chec, to see whether a trusted certi#icate authority si"ned the ,ey) I# one didnBt. the browser as,s the user i# the ,ey can be trusted and &roceeds as directed) The client "enerates a symmetric 3 D!$4 ,ey #or session. which is encry&ted with the ser erBs &ublic ,ey and sent bac, to the ser er) This new ,ey is used to encry&t all the subse>uent transactions) The symmetric ,ey is used because o# hi"h com&utational cost o# &ublic ,ey cry&tosystems)

Coo'ies (oo,ies are small bits o# teAtual in#ormation that the /eb ser er sends to the browser and that the browser returns unchan"ed when isitin" the same /eb site or domain later Nou can use HTT' coo,ies to store in#ormation about a sho&&in" session. and each subse>uent connection can loo, u& the current session and then eAtract in#ormation about that session #rom some location on the ser er machine) This is an eAcellent alternati e. and is the most widely used a&&roach) Howe er. e en thou"h ser lets ha e a hi"h-le el and easy-to-use inter#ace to coo,ies. there are still a number o# relati ely tedious details that need to be handled: !Atractin" the coo,ie that stores the session identi#ier #rom the other coo,ies 3there may be many. a#ter all4. $ettin" an a&&ro&riate eA&iration time #or the coo,ie 3sessions interru&ted by =; hours &robably should be reset4. and

%ssociatin" in#ormation on the ser er with the session identi#ier 3there may be #ar too much in#ormation to actually store it in the coo,ie. &lus sensiti e data li,e credit card numbers should ne er "o in coo,ies4)

1dvantages of using Coo'ies By ha in" the ser er read in#ormation it sent the client &re iously. the site can &ro ide isitors with the number o# con eniences:

Identi#yin" the user durin" an e-commerce session) Many on-line stores use the 5sho&&in"

cart5 meta&hor in which the user selects an item. adds it to his sho&&in" cart. then continues sho&&in") $ince HTT' connection is closed a#ter each &a"e is sent. when the user select a new item #or his cart. how does the store ,now that he is the same user that &ut the &re ious item in his cart1 (oo,ies are the "ood way o# accom&lishin" this) In #act. this is so use#ul that ser let ha e an %'I s&eci#ically #or this. and ser let authors donBt need to mani&ulate coo,ies directly to ma,e use o# it) % oidin" username and &assword) Many lar"e sites re>uire you to re"ister in order to use their ser ice. but it is incon enient to remember the username and &assword) (oo,ies are the "ood alternati e #or low-security sites) /hen a user re"isters. a coo,ie is sent with a uni>ue user ID) /hen the client reconnects at the later date. the user ID is returned. the ser er loo,s it u&. determines it belon"s to the re"istered user. and doesnBt re>uire an eA&licit username and &assword) (ustomiCin" a site) Many 5&ortal5 sites let you customiCe the loo, o# main &a"e) They use coo,ies to remember what you wanted. so that you "et that result initially #or the neAt time) IBll "i e an eAam&le li,e this later in this section o# the tutorial) Kocusin" ad ertisin") The search en"ine char"e their customers much more #or dis&layin" 5directed5 ads than 5random5 ads) That is. i# you do a search on 5*a a $er lets5. a search site can char"e much more #or an ad #or the ser lets de elo&ment en ironment than an ad #or an on-line tra el a"ent) On the other hand. i# the search had been 5Bali Hotels5. the situation would be the re ersed) The &roblem is that they ha e to show a random ad when you #irst arri e and ha enBt yet &er#ormed the search. as well as when you search on somethin" that doesnBt match any ad cate"ories) (oo,ies let them remember 5Oh. thatBs the &erson who was searchin" #or such and such &re iously5 and dis&lays an a&&ro&riate 3read 5hi"h &riced54 ad instead o# a random 3read 5chea&54 one)

Creating Coo'ies % (oo,ie is created by callin" (oo,ie constructor. which ta,es two strin": the coo,ie name and the coo,ie alue The #ollowin" eAam&le describes how to create a coo,ie (oo,ie user(oo,ie G new (oo,ie35user5. 5uid8=2;547 res&onse)add(oo,ie3user(oo,ie47

U-L-ewritin" U-L-ewritin" can be used in &lace where we donBt want to use coo,ies) It is used to maintain the session) /hene er the browser sends a re>uest then it is always inter&reted as a new re>uest because htt& &rotocol is a stateless &rotocol as it is not &ersistent) /hene er we want that out re>uest object to stay ali e till we decide to end the re>uest object then. there we use the conce&t o# session trac,in")

In session trac,in" #irstly a session object is created when the #irst re>uest "oes to the ser er) Then ser er creates a to,en which will be used to maintain the session) The to,en is transmitted to the client by the res&onse object and "ets stored on the client machine) By de#ault the ser er creates a coo,ie and the coo,ie "et stored on the client machine)